Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands.
Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.
“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted http request that will allow arbitrary system commands to be executed,” the company said in an advisory last week.
“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”
The flaw impacts the following versions:
- LoadMaster (7.2.60.0 and all prior versions)
- Multi-Tenant Hypervisor (7.1.35.11 and all prior versions)
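For teams tracking several appliances, the affected ranges above can be checked against an inventory. The following is an added example, not code from Progress or the original article; the product keys, hostnames and inventory entries are constructed, and it assumes versions are reported as dotted numeric strings.

```python
# Last affected build per product, from the list above.
# The product keys are labels chosen for this example.
LAST_AFFECTED = {
    "loadmaster": (7, 2, 60, 0),
    "mt-hypervisor": (7, 1, 35, 11),
}


def parse_version(text):
    """Turn '7.2.60.0' into (7, 2, 60, 0); reject anything but dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    # Pad short strings so '7.2.60' compares as 7.2.60.0.
    return nums + (0,) * (4 - len(nums))


def in_affected_range(product, version):
    """True when the version is at or below the last affected build."""
    return parse_version(version) <= LAST_AFFECTED[product.lower()]


def triage(inventory):
    """Map each host to 'affected-range', 'above-range' or 'unknown'."""
    report = {}
    for host, product, version in inventory:
        try:
            hit = in_affected_range(product, version)
            report[host] = "affected-range" if hit else "above-range"
        except (KeyError, ValueError):
            # Unlisted product or malformed version: needs manual review.
            report[host] = "unknown"
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("lb-edge-01", "LoadMaster", "7.2.60.0"),
    ("lb-edge-02", "LoadMaster", "7.2.9.1"),   # 9 < 60 numerically
    ("lb-core-01", "LoadMaster", "7.2.60.1"),
    ("mt-host-01", "MT-Hypervisor", "7.1.35.11"),
    ("lb-lab-01", "LoadMaster", "7.2.x"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Because the fix is delivered as an add-on package, a host in the affected range still needs a separate check that the package has been applied.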
Security researcher Florian Grunow has been credited with discovering and reporting the flaw. Progress said it has found no evidence of the vulnerability being exploited in the wild.
That said, it's recommended that users apply the latest fixes as soon as possible by downloading an add-on package. The update can be installed by navigating to System Configuration > System Administration > Update Software.
“We are encouraging all customers to upgrade their LoadMaster implementations as soon as possible to harden their environment,” the company said. “We also strongly recommend that customers follow our security hardening guidelines.”