CVE-2024-1212

Summary

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMaster7.2.48.1 < 7.2.48.10affected
Progress SoftwareLoadMaster7.2.54.0 < 7.2.54.8affected
Progress SoftwareLoadMaster7.2.55.0 < 7.2.59.2affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References