Full Report
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical
Analysis Summary
# Vulnerability: Progress LoadMaster Improper Input Validation Leading to Command Execution and File Read
## CVE Details
- CVE ID: CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135
- CVSS Score: 8.4 (High)
- CWE: Improper Input Validation (Implied for CVE-2024-56131 through 56135)
## Affected Systems
- Products: Progress Software LoadMaster
- Versions:
- GA Track: Versions 7.2.55.0 through 7.2.60.1 (inclusive)
- LTSF Track: Versions 7.2.49.0 through 7.2.54.12 (inclusive)
- Older Versions: 7.2.48.12 and prior (Requires upgrade to LTSF or GA fixed versions)
- Multi-Tenant: Version 7.1.35.12 and prior
- Configurations: Requires remote malicious actors to successfully authenticate and gain access to the LoadMaster management interface.
## Vulnerability Description
A set of improper input validation vulnerabilities exist in Progress LoadMaster software. If successfully exploited, these flaws allow a remote, authenticated attacker to execute arbitrary system commands on the underlying system (CVE-2024-56131, -56132, -56133, -56135) or download the content of any file on the system via a carefully crafted HTTP request (CVE-2024-56134).
## Exploitation
- Status: Not exploited in the wild (As per vendor advisory provided in the source)
- Complexity: Implied Medium/High, as successful exploitation requires prior successful authentication to the management interface.
- Attack Vector: Network (Remote)
## Impact
- Confidentiality: High (Due to arbitrary file read capability via CVE-2024-56134)
- Integrity: High (Due to arbitrary system command execution capability)
- Availability: Potential Impact (Depending on the nature of executed commands)
## Remediation
### Patches
The following versions contain fixes for the reported vulnerabilities:
- **GA Track:** Fixed in version **7.2.61.0**.
- **LTSF Track:** Fixed in version **7.2.54.13**.
- **Multi-Tenant Track:** Fixed in version **7.1.35.13**.
### Workarounds
- Users on versions prior to the patched releases are advised to upgrade to the respective fixed General Availability (GA) or Long Term Support Feature (LTSF) releases.
- For versions 7.2.48.12 and prior, upgrade to the latest available LTSF or GA version.
## Detection
- **Indicators of Compromise:** Look for unusual system commands executed from the LoadMaster management process or unexpected network activity originating from or relating to the LoadMaster appliance.
- **Detection Methods and Tools:** Monitor the management interface logs for successful authentications followed by high-entropy or known malicious HTTP request patterns targeting input fields vulnerable to command injection or path traversal.
## References
- Vendor Advisory: community dot progress dot com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135
- NVD Link (Example format for one CVE): nvd dot nist dot gov/vuln/detail/CVE-2024-56131