🚨 CRITICAL ALERT: Active Zero-Day Exploits
Immediate Action Required: The Progress Kemp LoadMaster management interface is actively exploited by unauthenticated attackers to execute arbitrary system commands, resulting in full device compromise and root privilege escalation [5][12]. CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed in-the-wild exploitation [5].
Critical Vulnerabilities (CVSS >= 8.0)
- CVE-2024-1212 (CVSS: 10.0): Unauthenticated remote command injection in the LoadMaster administrator web interface allows attackers to bypass authentication and execute OS commands as root [1][5]. View NVD | CISA KEV
âš¡ Immediate Actions Required
1. Patch Immediately: Upgrade all LoadMaster instances to the patched versions to close the command injection vector [3][4].
• LoadMaster 7.2.59.2 (GA) or later [4]
• LoadMaster 7.2.54.8 (LTSF) or later [4]
• LoadMaster 7.2.48.10 (LTS) or later [4]
• LoadMaster 7.1.59.16 or later [3]
• LoadMaster 7.0.59.16 or later [3]
2. Network Segmentation (If Patching Delayed): Restrict access to the LoadMaster management interface using firewall rules to allow traffic only from trusted administrative IP addresses [3][7].
3. Access Control Hardening: Deploy LoadMaster behind a VPN or bastion host to ensure authenticated access only, or disable remote management entirely if operational requirements permit [3].
4. Monitoring: Audit LoadMaster access logs for suspicious HTTP requests, failed authentication attempts, and unexpected command execution patterns [3][7].
CISA Directive: Apply vendor mitigations immediately or discontinue use of the product if patches are unavailable [3].

