Now-patched security flaws affecting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software back in February 2024.
“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” the agency said.
Rhino Security Labs, which discovered and reported the flaw, said successful exploitation allows command execution on LoadMaster should an attacker have access to the administrator web user interface, granting them full access to the load balancer.
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are now exploiting two security flaws in VMware vCenter Server, which were demonstrated at the Matrix Cup cybersecurity competition held in China earlier this year.
The flaws, CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5), were originally resolved in September 2024, although the company rolled out fixes for the former a second time last month, stating the earlier patches “did not completely address” the issue.
- CVE-2024-38812 – A heap-overflow vulnerability in the implementation of the DCERPC protocol that could allow a malicious actor with network access to obtain remote code execution
- CVE-2024-38813 – A privilege escalation vulnerability that could allow a malicious actor with network access to escalate privileges to root
While there are currently no details on the observed exploitation of these vulnerabilities in real-world attacks, CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies remediate CVE-2024-1212 by December 9, 2024, to secure their networks.
The development comes days after Sophos revealed that cybercrime actors are actively weaponizing a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a previously undocumented ransomware known as Frag.