PT-2024-3305 · Kemp · LoadMaster
Published: 2024-03-22 · Updated: 2025-02-11 · CVE-2024-2448
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LoadMaster (affected versions not specified)
Description
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command, resulting in OS command injection. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
CSRF
Affected Products
LoadMaster