7.5

CVE-2024-3544

EPSS 0.24%
Published 02.05.2024 15:15:07
Last modified 03.02.2025 21:38:22
Source security@progress.com
Teams watchlist Login
Open Login

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Progress ≫ Loadmaster SwEditionlts Version < 7.2.48.11

Progress ≫ Loadmaster SwEditionltsf Version >= 7.2.49.0 < 7.2.54.10

Progress ≫ Loadmaster SwEditionga Version >= 7.2.55.0 < 7.2.59.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
security@progress.com	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://kemptechnologies.com/

Product

https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-3544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3544

EUVD