Now-patched safety flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come below lively exploitation within the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added CVE-2024-1212 (CVSS rating: 10.0), a maximum-severity safety vulnerability in Progress Kemp LoadMaster to its Identified Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software program again in February 2024.
“Progress Kemp LoadMaster comprises an OS command injection vulnerability that permits an unauthenticated, distant attacker to entry the system by the LoadMaster administration interface, enabling arbitrary system command execution,” the company stated.
Rhino Safety Labs, which found and reported the flaw, stated profitable exploitation permits command execution on LoadMaster ought to an attacker have entry to the administrator net consumer interface, granting them full entry to the load balancer.
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are actually exploiting two safety flaws within the VMware vCenter Server, which have been demonstrated on the Matrix Cup cybersecurity competitors held in China earlier this yr.
The failings, CVE-2024-38812 (CVSS rating: 9.8) and CVE-2024-38813 (CVSS rating: 7.5), have been initially resolved in September 2024, though the corporate rolled out fixes for the previous a second-time final month, stating the earlier patches “didn’t absolutely tackle” the issue.
- CVE-2024-38812 – A heap-overflow vulnerability within the implementation of the DCERPC protocol that would allow a malicious actor with community entry to acquire distant code execution
- CVE-2024-38813 – A privilege escalation vulnerability that would allow a malicious actor with community entry to escalate privileges to root
Whereas there are at present no particulars on the noticed exploitation of those vulnerabilities in real-world assaults, CISA is recommending that Federal Civilian Government Department (FCEB) companies remediate CVE-2024-1212 by December 9, 2024, to safe their networks.
The event comes days after Sophos revealed that cybercrime actors are actively weaponizing a vital flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS rating: 9.8) to deploy a beforehand undocumented ransomware known as Frag.
