November 19, 2024 at 04:20PM
CISA has added three new critical vulnerabilities to its KEV catalog, including CVE-2024-1212 in Progress Kemp LoadMaster, which allows remote system access. Organizations must implement updates by December 9, 2024, or cease usage. Additionally, another flaw, CVE-2024-7591, has also been identified but lacks observed exploitation.
**Meeting Takeaways:**
1. **New Vulnerabilities Added to CISA’s KEV Catalog:**
   - Three new flaws have been added, including a critical OS command injection affecting Progress Kemp LoadMaster (CVE-2024-1212).
2. **Details on CVE-2024-1212:**
   - Discovered by Rhino Security Labs, this vulnerability has a CVSS score of 10.0 (critical).
   - It allows unauthenticated, remote attackers to execute arbitrary system commands via the LoadMaster management interface.
   - A patch was issued on February 21, 2024, but the flaw has since been reported as actively exploited in the wild.
3. **Affected Versions:**
   - LoadMaster versions affected include:
     - 7.2.48.1 up to, but not including, 7.2.48.10
     - 7.2.54.0 up to, but not including, 7.2.54.8
     - 7.2.55.0 up to, but not including, 7.2.59.2
4. **CISA Guidelines:**
   - Federal organizations using LoadMaster must apply the updates and mitigations by December 9, 2024, or cease using the product.
5. **Other Vulnerabilities Cataloged:**
   - Two additional vulnerabilities were noted:
     - **CVE-2024-0012:** Authentication bypass in the Palo Alto Networks PAN-OS management interface.
     - **CVE-2024-9474:** OS command injection in the same product.
6. **Related Max Severity Flaw – CVE-2024-7591:**
   - Another significant flaw in LoadMaster (CVE-2024-7591) allows remote command execution due to improper input validation.
   - This affects LoadMaster version 7.2.60.0 and all prior versions, along with MT Hypervisor version 7.1.35.11 and earlier.
7. **Recommendations for System Administrators:**
   - Admins are advised to upgrade to versions that address both maximum severity flaws, even though no active exploitation of CVE-2024-7591 has been observed yet.
8. **Current Status on Exploitations:**
   - No specific details about active exploitation activity have been released, and the flaw's role in ransomware campaigns remains uncertain.
Overall, immediate action is recommended for federal organizations and system administrators using the affected software to ensure security and compliance.