CVE-2024-7591

EPSS 31.46%
Veröffentlicht 05.09.2024 18:15:06
Zuletzt bearbeitet 18.02.2025 16:15:19
Quelle security@progress.com
CVE-Watchlists
Login
Unerledigt
Login

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:

* LoadMaster: 7.2.40.0 and above

* ECS: All versions

* Multi-Tenancy: 7.1.35.4 and above

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kemptechnologies ≫ Loadmaster Version >= 7.2.40.0 <= 7.2.60.0

Kemptechnologies ≫ Multi-tenant Hypervisor Firmware Version >= 7.1.35.4 < 7.1.35.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	31.46%	0.966

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@progress.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591

https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7591

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7591