Progress Software has released an emergency update to address a maximum (10/10) severity vulnerability discovered in LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor, which are used by large organizations to optimize app performance and manage network traffic.
The vulnerability, designated CVE-2024-7591, is due to improper validation of user input which could allow threat actors to access LoadMaster’s management interface and execute code simply by sending vulnerable endpoints a specially crafted HTTP request.
Progress has fixed the bug by sanitizing user request input and made a patch available for all impacted versions of LoadMaster and LoadMaster MT except for the free version, which remains vulnerable for the time being.
So far, Progress isn’t aware of any active exploitation of CVE-2024-7591 but still recommends users upgrade as soon as possible and implement system hardening guidelines.
Source: Bleeping Computer
Analysis
Although Progress did not state the reason, the maximum severity rating of CVE-2024-7591 likely reflects the ease of exploitation, which means Progress’s statement that it is not aware of any active exploitation is likely to change quickly. Network defenders must therefore secure vulnerable systems before threat actors develop an exploit for CVE-2024-7591 and deploy it against unpatched deployments.
CVE-2024-7591 serves to remind administrators that application delivery controllers and network monitoring applications should be configured so their management interfaces are not reachable by unauthorized users. If the management interface is not exposed to untrusted networks, threat actors cannot establish a remote connection to it and therefore cannot target vulnerabilities in these devices, whether or not a patch has been applied yet.
In 2023, a zero-day vulnerability in a different Progress Software product, MOVEit Transfer, was exploited by threat actors to access the networks of high-profile organizations such as the BBC and British Airways. It also impacted the government of Nova Scotia, resulting in the theft of social insurance numbers, addresses, and banking information of 100,000 current and former provincial employees. Furthermore, one ransomware actor, known as Cl0p, named 27 companies it claims to have hacked using the MOVEit vulnerability.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software like LoadMaster. Field Effect MDR users were automatically notified if a vulnerable version of LoadMaster was detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends users of affected LoadMaster versions update to the latest version and implement system hardening measures as soon as possible, in accordance with the advisory.
Additionally, Field Effect recommends placing all application delivery controllers, such as LoadMaster, behind a firewall and ensuring they are accessible only internally or by trusted IP addresses.
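One way to check whether that recommendation actually holds in an environment is to audit access logs for hits on the management port from outside a trusted-network allow-list, and to derive the firewall rule that enforces the same list. The following is an added example written for this article; it is not code from Progress, Field Effect or the LoadMaster product. The log line format, the management port (8443) and the trusted CIDRs are assumptions constructed for illustration, so adapt parse_line() to whatever your ADC, reverse proxy or firewall really emits.

```python
"""Audit management-interface access against a trusted-network allow-list.

Added example (not code from Progress, Field Effect or LoadMaster). The log
format, management port and trusted networks below are constructed
assumptions for illustration only.
"""
import ipaddress
import re

# Constructed sample log: requests to an ADC whose management UI listens on
# TCP 8443 and whose served application listens on TCP 443.
SAMPLE_LOG = """\
2024-09-05T10:12:01Z src=10.20.30.5 dport=8443 method=GET path=/ status=200
2024-09-05T10:12:07Z src=203.0.113.77 dport=8443 method=POST path=/login status=401
2024-09-05T10:12:09Z src=203.0.113.77 dport=8443 method=POST path=/login status=401
2024-09-05T10:13:15Z src=192.168.50.12 dport=8443 method=GET path=/ status=200
2024-09-05T10:14:02Z src=198.51.100.9 dport=443 method=GET path=/app status=200
2024-09-05T10:15:40Z src=198.51.100.9 dport=8443 method=GET path=/ status=200
malformed line that the parser must skip rather than crash on
"""

# Assumed trusted sources: the internal LAN and the admin VLAN.
TRUSTED_CIDRS = ["10.0.0.0/8", "192.168.50.0/24"]
MGMT_PORT = 8443

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
    except ValueError:
        return None
    rec["dport"] = int(rec["dport"])
    rec["status"] = int(rec["status"])
    return rec


def build_allow_list(cidrs):
    """Turn CIDR strings into network objects (strict=False tolerates host bits)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_trusted(ip, networks):
    return any(ip in net for net in networks)


def untrusted_mgmt_access(log_text, trusted_cidrs, mgmt_port=MGMT_PORT):
    """Count management-port requests per source IP that is outside the allow-list.

    Only the management port is considered: traffic to the served application
    on other ports is expected from the internet and is not a finding.
    """
    networks = build_allow_list(trusted_cidrs)
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != mgmt_port:
            continue
        if not is_trusted(rec["src"], networks):
            key = str(rec["src"])
            hits[key] = hits.get(key, 0) + 1
    return hits


def render_nft_allow_list(trusted_cidrs, mgmt_port=MGMT_PORT):
    """Render an nftables ruleset that admits the trusted set and drops the rest.

    Rule order matters: the accept for @trusted must precede the catch-all drop.
    """
    elements = ", ".join(trusted_cidrs)
    return (
        "table inet mgmt {\n"
        "  set trusted {\n"
        "    type ipv4_addr\n"
        "    flags interval\n"
        f"    elements = {{ {elements} }}\n"
        "  }\n"
        "  chain input {\n"
        "    type filter hook input priority 0; policy accept;\n"
        f"    tcp dport {mgmt_port} ip saddr @trusted accept\n"
        f"    tcp dport {mgmt_port} drop\n"
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    for src, count in sorted(untrusted_mgmt_access(SAMPLE_LOG, TRUSTED_CIDRS).items()):
        print(f"untrusted source {src} reached the management port {count} time(s)")
    print(render_nft_allow_list(TRUSTED_CIDRS))
```

Run against real logs, a non-empty result from untrusted_mgmt_access() means the management interface is reachable from somewhere the allow-list does not cover, which is exactly the exposure the recommendation above is meant to remove; the rendered nftables fragment is one way to close it on a Linux host or gateway in front of the appliance.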