Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come beneath energetic exploitation within the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added CVE-2024-1212 (CVSS rating: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Identified Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software program again in February 2024.
“Progress Kemp LoadMaster incorporates an OS command injection vulnerability that enables an unauthenticated, distant attacker to entry the system by the LoadMaster administration interface, enabling arbitrary system command execution,” the company mentioned.
Rhino Safety Labs, which found and reported the flaw, mentioned profitable exploitation permits command execution on LoadMaster ought to an attacker have entry to the administrator net person interface, granting them full entry to the load balancer.
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers at the moment are exploiting two security flaws within the VMware vCenter Server, which had been demonstrated on the Matrix Cup cybersecurity competitors held in China earlier this yr.
The issues, CVE-2024-38812 (CVSS rating: 9.8) and CVE-2024-38813 (CVSS rating: 7.5), had been initially resolved in September 2024, though the corporate rolled out fixes for the previous a second-time final month, stating the earlier patches “didn’t absolutely deal with” the issue.
- CVE-2024-38812 – A heap-overflow vulnerability within the implementation of the DCERPC protocol that might allow a malicious actor with community entry to acquire distant code execution
- CVE-2024-38813 – A privilege escalation vulnerability that might allow a malicious actor with community entry to escalate privileges to root
Whereas there are at present no particulars on the noticed exploitation of those vulnerabilities in real-world assaults, CISA is recommending that Federal Civilian Government Department (FCEB) businesses remediate CVE-2024-1212 by December 9, 2024, to safe their networks.
The event comes days after Sophos revealed that cybercrime actors are actively weaponizing a essential flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS rating: 9.8) to deploy a beforehand undocumented ransomware referred to as Frag.
