Now-patched safety flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come beneath lively exploitation within the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added CVE-2024-1212 (CVSS rating: 10.0), a maximum-severity safety vulnerability in Progress Kemp LoadMaster to its Recognized Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software program again in February 2024.
“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” the company stated.
Rhino Safety Labs, which found and reported the flaw, stated profitable exploitation permits command execution on LoadMaster ought to an attacker have entry to the administrator net consumer interface, granting them full entry to the load balancer.
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are actually exploiting two safety flaws within the VMware vCenter Server, which had been demonstrated on the Matrix Cup cybersecurity competitors held in China earlier this 12 months.
The failings, CVE-2024-38812 (CVSS rating: 9.8) and CVE-2024-38813 (CVSS rating: 7.5), had been initially resolved in September 2024, though the corporate rolled out fixes for the previous a second-time final month, stating the earlier patches “did not fully address” the issue.
- CVE-2024-38812 – A heap-overflow vulnerability within the implementation of the DCERPC protocol that would allow a malicious actor with community entry to acquire distant code execution
- CVE-2024-38813 – A privilege escalation vulnerability that would allow a malicious actor with community entry to escalate privileges to root
Whereas there are at present no particulars on the noticed exploitation of those vulnerabilities in real-world assaults, CISA is recommending that Federal Civilian Govt Department (FCEB) companies remediate CVE-2024-1212 by December 9, 2024, to safe their networks.
The event comes days after Sophos revealed that cybercrime actors are actively weaponizing a important flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS rating: 9.8) to deploy a beforehand undocumented ransomware referred to as Frag.
