PT-2024-38438 · Progress · Loadmaster+2

Marius Walter · Published 2024-09-05 · Updated 2025-07-02 · CVE-2024-7591

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LoadMaster versions 7.2.40.0 and above
ECS versions (all versions)
Multi-Tenancy versions 7.1.35.4 and above

Description

Progress LoadMaster contains an improper input validation vulnerability that results in OS command injection. Unauthenticated, remote attackers can execute system commands on the underlying operating system.

Recommendations

For LoadMaster versions 7.2.40.0 and above: Apply the emergency patch released by Progress Software to fix the vulnerability.
For ECS versions (all versions): Apply the security updates released by Progress Software to fix the vulnerability.
For Multi-Tenancy versions 7.1.35.4 and above: Apply the security updates released by Progress Software to fix the vulnerability.

As a temporary workaround, consider restricting access to the management interface of LoadMaster to minimize the risk of exploitation.

Fix

LPE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-01308
CVE-2024-7591

Affected Products

ECS
LoadMaster
Multi-Tenancy