🚨 CRITICAL ALERT: Active Zero-Day Exploits

Immediate Action Required: The Progress Kemp LoadMaster management interface is actively exploited by unauthenticated attackers to execute arbitrary system commands, resulting in full device compromise and root privilege escalation [5][12]. CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed in-the-wild exploitation [5].

Critical Vulnerabilities (CVSS >= 8.0)

  • CVE-2024-1212 (CVSS: 10.0): Unauthenticated remote command injection in the LoadMaster administrator web interface allows attackers to bypass authentication and execute OS commands as root [1][5]. View NVD | CISA KEV

âš¡ Immediate Actions Required

1. Patch Immediately: Upgrade all LoadMaster instances to the patched versions to close the command injection vector [3][4].
  • LoadMaster 7.2.59.2 (GA) or later [4]
  • LoadMaster 7.2.54.8 (LTSF) or later [4]
  • LoadMaster 7.2.48.10 (LTS) or later [4]
  • LoadMaster 7.1.59.16 or later [3]
  • LoadMaster 7.0.59.16 or later [3]

2. Network Segmentation (If Patching Delayed): Restrict access to the LoadMaster management interface using firewall rules to allow traffic only from trusted administrative IP addresses [3][7].

3. Access Control Hardening: Deploy LoadMaster behind a VPN or bastion host to ensure authenticated access only, or disable remote management entirely if operational requirements permit [3].

4. Monitoring: Audit LoadMaster access logs for suspicious HTTP requests, failed authentication attempts, and unexpected command execution patterns [3][7].

CISA Directive: Apply vendor mitigations immediately or discontinue use of the product if patches are unavailable [3].