Monday, March 10, 2025

VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software back in February 2024.

“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” the agency said.

Rhino Security Labs, which discovered and reported the flaw, said successful exploitation allows command execution on LoadMaster should an attacker have access to the administrator web user interface, granting them full access to the load balancer.

CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are now exploiting two security flaws in VMware vCenter Server, which were demonstrated at the Matrix Cup cybersecurity competition held in China earlier this year.

The issues, CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5), were originally resolved in September 2024, although the company rolled out fixes for the former a second time last month, stating the previous patches “did not fully address” the problem.

  • CVE-2024-38812 – A heap-overflow vulnerability in the implementation of the DCERPC protocol that could allow a malicious actor with network access to obtain remote code execution
  • CVE-2024-38813 – A privilege escalation vulnerability that could allow a malicious actor with network access to escalate privileges to root

While there are currently no details on the observed exploitation of these vulnerabilities in real-world attacks, CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies remediate CVE-2024-1212 by December 9, 2024, to secure their networks.

The development comes days after Sophos revealed that cybercrime actors are actively weaponizing a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a previously undocumented ransomware called Frag.
