Development Device has addressed more than one high-severity safety flaws in its LoadMaster device that may be exploited via malicious actors to execute arbitrary device instructions or obtain any record from the device.
Kemp LoadMaster is a high-performance software supply controller (ADC) and cargo balancer that gives availability, scalability, functionality, and safety for business-critical packages and internet sites.
The recognized vulnerabilities are indexed underneath –
- CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 (CVSS rankings: 8.4) – A suite of unsuitable enter validation vulnerabilities that permits far flung malicious actors who acquire get admission to to the control interface of LoadMaster and effectively authenticate to execute arbitrary device instructions by the use of a moderately crafted HTTP request
- CVE-2024-56134 (CVSS ranking: 8.4) – An unsuitable enter validation vulnerability that permits far flung malicious actors who acquire get admission to to the control interface of LoadMaster and effectively authenticate to obtain the content material of any record at the device by the use of a moderately crafted HTTP request
The next variations of the device are suffering from the issues –
- LoadMaster variations from 7.2.55.0 to 7.2.60.1 (inclusive) - Mounted in 7.2.61.0 (GA)
- LoadMaster variations from 7.2.49.0 to 7.2.54.12 (inclusive) – Mounted in 7.2.54.13 (LTSF)
- LoadMaster model 7.2.48.12 and prior – Improve to LTSF or GA
- Multi-Tenant LoadMaster model 7.1.35.12 and prior – Mounted in 7.1.35.13 (GA)
Development Device famous that it has no proof that any of the aforementioned vulnerabilities had been exploited within the wild. That stated, with up to now disclosed flaws weaponized via risk actors previously, you could that consumers practice the most recent patches for optimum coverage.