Progress Software has released security updates for a maximum-severity flaw in LoadMaster and the Multi-Tenant (MT) hypervisor that could lead to the execution of arbitrary operating system commands.
Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability was described as an improper input validation error that leads to the execution of OS commands.
“Unauthenticated remote attackers with access to the LoadMaster management interface could issue a carefully crafted http request that would allow the execution of arbitrary system commands,” the company said in an advisory last week.
“This vulnerability was addressed by sanitizing a user-entered query to mitigate the execution of arbitrary system commands.”
The flaw affects the following versions:
- LoadMaster (7.2.60.0 and all previous versions)
- Multi-Tenant Hypervisor (7.1.35.11 and all previous versions)
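
To triage a fleet against the two version ceilings listed above, a dotted-version comparison over an asset inventory is enough. The following is an added example, not code from Progress or from the original article; the `host,product,version` inventory format, the product labels used as dictionary keys, and the sample hosts and versions are assumptions made for illustration.

```python
import re

# Last affected version per product, taken from the list above.
# The dictionary keys are assumed inventory labels, not vendor identifiers.
LAST_AFFECTED = {
    "loadmaster": (7, 2, 60, 0),
    "mt-hypervisor": (7, 1, 35, 11),
}
_VERSION_RE = re.compile(r"^\d+(?:\.\d+){1,3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "7.2.60" -> (7, 2, 60, 0)


def triage(product, version):
    """Classify one asset: 'affected', 'above-affected-range' or 'unknown'."""
    ceiling = LAST_AFFECTED.get(product.strip().lower())
    parsed = parse_version(version)
    if ceiling is None or parsed is None:
        return "unknown"  # never report an unparsed entry as safe
    return "affected" if parsed <= ceiling else "above-affected-range"


def triage_inventory(lines):
    """Map host -> status for 'host,product,version' lines."""
    result = {}
    for line in lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, product, version = fields
        result[host] = triage(product, version)
    return result


# Constructed sample inventory; hosts and versions are made up for the example.
SAMPLE = [
    "lb-edge-01,LoadMaster,7.2.60.0",
    "lb-edge-02,LoadMaster,7.2.48.3",
    "lb-core-01,LoadMaster,7.3.0.0",
    "mt-host-01,MT-Hypervisor,7.1.35.11",
    "mt-host-02,MT-Hypervisor,unknown-build",
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of `above-affected-range` only means the version string is higher than the ceiling listed here; entries marked `unknown` need a manual check rather than being treated as safe.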
Security researcher Florian Grunow is credited with discovering and reporting the flaw. Progress said it has found no evidence that the vulnerability is being exploited in the wild.
However, it is recommended that users apply the latest fixes as soon as possible by downloading the add-on package. The update can be installed by going to System Configuration > System Administration > Update Software.
“We encourage all customers to update their LoadMaster implementations as soon as possible to harden their environments,” the company said. “We also strongly encourage customers to follow our security enhancement recommendations.”