Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

LoadMaster and MT Hypervisor

Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands.

Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.

“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted http request that will allow arbitrary system commands to be executed,” the company said in an advisory last week.

“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”

Cybersecurity

The flaw affects the following versions –

  • LoadMaster (7.2.60.0 and all prior versions)
  • Multi-Tenant Hypervisor (7.1.35.11 and all prior versions)

Security researcher Florian Grunow has been credited with discovering and reporting the flaw. Progress said it has found no evidence of the vulnerability being exploited in the wild.

That said, it’s recommended that users apply the latest fixes as soon as possible by downloading an add-on package. The update can be installed by navigating to System Configuration > System Administration > Update Software.

“We are encouraging all customers to upgrade their LoadMaster implementations as soon as possible to harden their environment,” the company said. “We also strongly recommend that customers follow our security hardening guidelines.”



Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.