Progress Software program has launched security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that would consequence within the execution of arbitrary working system instructions.
Tracked as CVE-2024-7591 (CVSS rating: 10.0), the vulnerability has been described as an improper enter validation bug that ends in OS command injection.
“It’s doable for unauthenticated, distant attackers who’ve entry to the administration interface of LoadMaster to challenge a rigorously crafted http request that can permit arbitrary system instructions to be executed,” the corporate stated in an advisory final week.
“This vulnerability has been closed by sanitizing request consumer enter to mitigate arbitrary system instructions execution.”
The flaw impacts the next variations –
- LoadMaster (7.2.60.0 and all prior variations)
- Multi-Tenant Hypervisor (7.1.35.11 and all prior variations)
Safety researcher Florian Grunow has been credited with discovering and reporting the flaw. Progress stated it has discovered no proof of the vulnerability being exploited within the wild.
That stated, it is advisable that customers apply the newest fixes as quickly as doable by downloading an add-on package deal. The replace will be put in by navigating to System Configuration > System Administration > Replace Software program.
“We’re encouraging all clients to improve their LoadMaster implementations as quickly as doable to harden their surroundings,” the corporate stated. “We additionally strongly advocate that clients observe our security hardening pointers.”
