PT-2025-5724 · Kemp · Loadmaster

Published 2025-02-05 · Updated 2025-07-31 · CVE-2024-56133

CVSS v3.1: 8.4 (High)

Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LoadMaster versions 7.2.48.12 and earlier
LoadMaster versions 7.2.49.0 through 7.2.54.12
LoadMaster versions 7.2.55.0 through 7.2.60.1
ECS versions prior to 7.2.60.1

Description

The issue is related to improper input validation, allowing OS command injection for authenticated users. This can potentially lead to unauthorized system access and execution of malicious commands.

Recommendations

For LoadMaster versions 7.2.48.12 and earlier, consider restricting access to sensitive system areas until a patch is available.
For LoadMaster versions 7.2.49.0 through 7.2.54.12, restrict access to vulnerable API endpoints, such as those related to system command execution, until a patch is available.
For LoadMaster versions 7.2.55.0 through 7.2.60.1, consider disabling any functionality that allows authenticated users to execute system commands until a patch is available.
For ECS versions prior to 7.2.60.1, restrict access to system command execution functionality to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-01594
CVE-2024-56133

Affected Products

Loadmaster