Exciting news for Progress Software users! The company has just released security updates to tackle a critical flaw in LoadMaster and Multi-Tenant (MT) hypervisor systems that could potentially allow the execution of malicious operating system commands.
This vulnerability, known as CVE-2024-7591 and boasting a CVSS score of 10.0, is categorized as an improper input validation issue that can lead to OS command injection.
According to Progress Software, who issued an advisory last week, “Remote attackers could exploit this flaw by sending a carefully crafted HTTP request via the LoadMaster management interface to execute unauthorized system commands. Thankfully, this vulnerability has been neutralized by sanitizing user input to prevent the execution of arbitrary system commands.”
The affected versions include:
- LoadMaster (7.2.60.0 and earlier)
- Multi-Tenant Hypervisor (7.1.35.11 and earlier)
Credit for uncovering and reporting this flaw goes to security researcher Florian Grunow. Despite no reported incidents of exploitation in the wild, Progress Software strongly recommends immediate application of the latest fixes by downloading and installing an add-on package. Simply head to System Configuration > System Administration > Update Software to keep your systems secure.
As a precautionary measure, Progress Software advises all users to follow their security hardening guidelines to bolster their defenses against potential threats.
Stay up to date with the latest cybersecurity news by following us on Twitter and LinkedIn. Don’t miss out on exclusive content and insights!