CVE-2024-3544

Summary

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationLoadMasterLoadMaster 7.2.55.0 (GA) < 7.2.59.4affected
Progress Software CorporationLoadMasterLoadMaster 7.2.49.0 (LTSF) < 7.2.54.10affected
Progress Software CorporationLoadMasterLoadMaster 7.2.48.11 (LTS) < 7.2.48.12affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References