CVE-2024-1212:
Pre-authenticated remote OS command injection vulnerability in Kemp LoadMaster management interface allows arbitrary system command execution; affects Linux LoadMaster releases with versions below 7.2.48.10, below 7.2.54.8, and below 7.2.59.2.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8Critical- Published Date:Feb 21, 2024
- CISA KEV Date:Nov 18, 2024
- Industries Affected:20
271 DaysThreat Predictions
- EPSS Score:94.3
- EPSS Percentile:100%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Pre-authenticated remote OS command injection vulnerability in Kemp LoadMaster management interface allows arbitrary system command execution; affects Linux LoadMaster releases with versions below 7.2.48.10, below 7.2.54.8, and below 7.2.59.2.
Overview
This vulnerability in LoadMaster exposes the management interface to unauthenticated remote attackers, enabling arbitrary command execution on the underlying host. The flaw affects several 7.2.x Linux releases and is deemed critical because it requires no privileges or user interaction and can impact confidentiality, integrity, and availability. The issue is associated with pre-authentication OS command injection via the management interface, making rapid remediation essential.
Remediation
- Upgrade to fixed releases: apply the patches to move to 7.2.48.10 or newer, 7.2.54.8 or newer, or 7.2.59.2 or newer (as indicated by the vendor advisories for CVE-2024-1212).
- If immediate patching is not possible:
- Restrict access to the LoadMaster management interface to trusted networks only (use firewall rules, VPN, or network segmentation).
- Disable or isolate remote management exposure from the public network; require access through a secured management network or bastion host.
- Review and harden access controls, monitor logs for unusual commands, and enable enhanced auditing on the management interface.
- After patching:
- Validate that the vulnerable versions are no longer exposed and that the management interface functions normally.
- Reassess network exposure and ensure a reduced attack surface; re-run vulnerability scans and monitor for any indicators of compromise.
- General recommendations:
- Keep LoadMaster and underlying OS up to date with vendor advisories.
- Maintain backups and tested incident response procedures in case of exploitation.
- Monitor for KEV catalog updates and related advisories to stay informed about active exploitation.
References
- - [Kemp Technologies Release Notice LMOS 7.2-59-2, 7.2-54-8, 7.2-48-10 – CVE-2024-1212](https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212)
- - [Kemp Technologies LoadMaster Security Vulnerability CVE-2024-1212](https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212)
- - [Kemp Technologies](https://kemptechnologies.com/)
- - [FreeLoad Balancer](https://freeloadbalancer.com/)
- - [CISA Known Exploited Vulnerabilities Catalog – CVE-2024-1212](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1212)
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:Aug 21, 2024
- CISA KEV Date:Nov 18, 2024
- Days Early:271 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
