web analytics

Progress Software Fixes Critical LoadMaster Vulnerability – Source: www.databreachtoday.com

progress-software-fixes-critical-loadmaster-vulnerability-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Governance & Risk Management
,
Network Performance Monitoring & Diagnostics
,
Patch Management

Urgent Fix Addresses Critical Flaw That Allows Remote Code Execution

Prajeet Nair (@prajeetspeaks) •
September 9, 2024    

Progress Software Fixes Critical LoadMaster Vulnerability
Progress Software released an urgent patch for a remote code execution flaw. (Image: Progress Software)

Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks.

See Also: Cosmos Full Show

The security update addresses CVE-2024-7591, which affects all versions of LoadMaster and LoadMaster Multi-Tenant Hypervisor.

LoadMaster is an application delivery controller that enhances app performance, scalability and security through load balancing, SSL offloading and WAF. LoadMaster Multi-Tenant Hypervisor is a version designed for multi-tenant environments that provides high throughput, network port density, and secure, isolated environments for multiple clients.

The critical vulnerability is classified as a remote code execution flaw and has a maximum-severity score of 10.0 on the CVSS scale. It could allow unauthenticated remote attackers to execute arbitrary system commands by sending specially crafted HTTP requests.

Progress Software was at the center of a Memorial Day 2023 mass hacking incident that started when the cybercriminal group exploited a zero-day vulnerability in the Massachusetts’ company MOVEit file transfer software. The surprise cyberattack by last count affected 2,773 organizations. The attack formed part of a cascade of incidents involving edge devices such as those made by Progress (see: Surge in Attacks Against Edge and Infrastructure Devices).

While there have been no reports of active exploitation of this newest Progress flaw, the company said it strongly encourages all LoadMaster customers to install the patch immediately.

The vulnerability arises from improper input validation. A crafted HTTP request to the LoadMaster management interface could result in unauthorized access, complete system compromise, data theft, service disruption or use of the compromised system as a launch pad for further attacks within the network.

The vulnerability affects LoadMaster virtual network functions and the MT hypervisor manager node. The patch sanitizes user input in HTTP requests to prevent arbitrary command execution.

Customers can download and install the add-on patch from Progress Software’s support portal, even if the product’s support has expired.

Original Post url: https://www.databreachtoday.com/progress-software-fixes-critical-loadmaster-vulnerability-a-26241

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for...
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR...
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report

More Latest Published Posts

ChiefExecutive
Ciberseguridad: Prioridad Estratégica para los CEO.
Ciberseguridad: Prioridad Estratégica para los CEO.
CYBER SECURITY COALITION
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
INL/EXT
Cybersecurity for Distributed Wind
Cybersecurity for Distributed Wind
ARTIC WOLF
Cybersecurity Compliance Guide
Cybersecurity Compliance Guide
ESRAA MOHAMAD
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
DRAGOS
Impact of FrostyGoop ICS Malware on Connected OT Systems
Impact of FrostyGoop ICS Malware on Connected OT Systems
Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act – Control Mappings
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing
IGNITE Technologies
Disk Group Privilege Escalation
Disk Group Privilege Escalation
Hiral Patel
Data LossPrevention(DLP)
Data LossPrevention(DLP)
Polygon
Digital identity – Deutsche Bank Corporate Bank
Digital identity – Deutsche Bank Corporate Bank
CSA Cloud Security Alliance
The Six Pillars of DevSecOps:Collaboration andIntegration
The Six Pillars of DevSecOps:Collaboration andIntegration
ASPIRE SYSTEMS
A complete guide toImplementingDevSecOps in AWS
A complete guide toImplementingDevSecOps in AWS
GAO
CYBERSECURITY PROGRAM AUDIT GUIDE
CYBERSECURITY PROGRAM AUDIT GUIDE
Apress
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
PWC
Data Privacy Handbook
Data Privacy Handbook
CERT-EU
DDoS Overview and Response Guide
DDoS Overview and Response Guide
IGNITE Technologies
Data Exfiltration Cheat Sheet
Data Exfiltration Cheat Sheet
CRC Press
Data Privacy for the Smart Grid
Data Privacy for the Smart Grid
New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0