InfoSecBulletin Cybersecurity for mankind
Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers.
CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access Loadmaster’s management interface through a manipulated HTTP request due to improper input validation.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed,” reads the security bulletin.
“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”
Loadmaster is an application delivery controller that helps large organizations to improve app performance, manage network traffic, and maintain high service availability.
The MT Hypervisor is a specialized version of Loadmaster, tailored for multi-tenant environment. It enables the concurrent operation of multiple virtual network functions on a single hardware platform.
CVE-2024-7591 affects Loadmaster version 7.2.60.0 and earlier, as well as MT Hypervisor version 7.1.35.11 and all prior releases.
