CVE-2024-7591

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7591
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*
cpe:2.3:o:kemptechnologies:multi-tenant_hypervisor_firmware:*:*:*:*:*:*:*:*
History

18 Feb 2025, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://url.us.m.mimecastprotect.com/s/m_v3CkRgEgSz2vDGUQi8HGPtBQ?domain=insinuator.net', 'source': 'security@progress.com'}
  • () https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591 -

17 Feb 2025, 17:15

Type Values Removed Values Added
References
  • () https://url.us.m.mimecastprotect.com/s/m_v3CkRgEgSz2vDGUQi8HGPtBQ?domain=insinuator.net -
CVSS v2 : unknown
v3 : 7.2 		v2 : unknown
v3 : 10.0

16 Oct 2024, 15:15

Type Values Removed Values Added
CWE CWE-20

19 Sep 2024, 18:19

Type Values Removed Values Added
References () https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 - () https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 - Patch, Vendor Advisory
First Time Kemptechnologies
Kemptechnologies multi-tenant Hypervisor Firmware
Kemptechnologies loadmaster
CPE cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*
cpe:2.3:o:kemptechnologies:multi-tenant_hypervisor_firmware:*:*:*:*:*:*:*:*
CWE CWE-78
CVSS v2 : unknown
v3 : 10.0 		v2 : unknown
v3 : 7.2

06 Sep 2024, 12:08

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de validación de entrada incorrecta en Progress LoadMaster permite la inyección de comandos del sistema operativo. Este problema afecta a: * LoadMaster: 7.2.40.0 y superiores * ECS: todas las versiones * Multi-Tenancy: 7.1.35.4 y superiores

05 Sep 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-05 18:15

Updated : 2025-02-18 16:15

NVD link : CVE-2024-7591

Mitre link : CVE-2024-7591

CVE.ORG link : CVE-2024-7591

JSON object : View

Products Affected

kemptechnologies

  • loadmaster
  • multi-tenant_hypervisor_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')