Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands.
Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.
“It’s possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted http request that may allow arbitrary system commands to be executed,” the company said in an advisory last week.
“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”
The flaw impacts the following versions –
- LoadMaster (7.2.60.0 and all prior versions)
- Multi-Tenant Hypervisor (7.1.35.11 and all prior versions)
Security researcher Florian Grunow has been credited with discovering and reporting the flaw. Progress said it has found no evidence of the vulnerability being exploited in the wild.
That said, it's recommended that users apply the latest fixes as soon as possible by downloading an add-on package. The update can be installed by navigating to System Configuration > System Administration > Update Software.
“We’re encouraging all customers to upgrade their LoadMaster implementations as soon as possible to harden their environment,” the company said. “We also strongly recommend that customers follow our security hardening guidelines.”
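For triage, the affected-version list above can be turned into an inventory check. The following is an added example, not code from Progress or from the advisory; the CSV layout, host names, product labels and status strings are assumptions made for illustration.

```python
import csv
import io

# Last affected versions, taken from the list above ("and all prior versions").
LAST_AFFECTED = {
    "loadmaster": (7, 2, 60, 0),
    "mt-hypervisor": (7, 1, 35, 11),
}

def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not N.N.N.N."""
    parts = (text or "").strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map host -> 'in-affected-range', 'newer-than-affected' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ceiling = LAST_AFFECTED.get((row.get("product") or "").strip().lower())
        version = parse_version(row.get("version"))
        if ceiling is None or version is None:
            # Unknown product label or unparseable version: needs a human look.
            results[row["host"]] = "review"
        elif version <= ceiling:
            # Assumption: the fix ships as an add-on package, so the version
            # string alone does not show whether it has been installed.
            results[row["host"]] = "in-affected-range"
        else:
            results[row["host"]] = "newer-than-affected"
    return results

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = """host,product,version
lb-edge-01,LoadMaster,7.2.60.0
lb-edge-02,LoadMaster,7.2.59.4
lb-core-01,LoadMaster,7.2.61.0
mt-hv-01,MT-Hypervisor,7.1.35.11
mt-hv-02,MT-Hypervisor,7.1.35.12
lb-lab-01,LoadMaster,7.2.54.x
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as `in-affected-range` are the ones to check for the add-on package, and `review` rows need their inventory data corrected before they can be classified.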