CVE-2024-1212
LoadMaster Pre-Authenticated OS Command Injection
In short
Attackers can remotely execute arbitrary commands on a LoadMaster system without needing to log in. This allows complete control over the affected device and poses an immediate critical risk.
Technical detail
CWE-78 OS command injection in LoadMaster's management interface allows unauthenticated remote attackers to inject and execute arbitrary system commands. The vulnerability requires network access to the management interface but no prior authentication, resulting in full system compromise.
Summary generated and translated by AI from the official description.
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Progress Software · LoadMaster
Public PoCs found — 2
github.com/Chocapikk/CVE-2024-1212 (GitHub, ★ 19)
github.com/r0otk3r/CVE-2024-1212 (GitHub, ★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://freeloadbalancer.com/
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212