7.5

CVE-2024-3544

EPSS 0.24%
Veröffentlicht 02.05.2024 15:15:07
Zuletzt bearbeitet 03.02.2025 21:38:22
Quelle security@progress.com
Teams Watchlist Login
Unerledigt Login

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Progress ≫ Loadmaster SwEditionlts Version < 7.2.48.11

Progress ≫ Loadmaster SwEditionltsf Version >= 7.2.49.0 < 7.2.54.10

Progress ≫ Loadmaster SwEditionga Version >= 7.2.55.0 < 7.2.59.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
security@progress.com	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://kemptechnologies.com/

Product

https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-3544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3544

EUVD