Loadmaster
CVE-2024-8755
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
AnalysisAI
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) Affected products include: Progress Loadmaster.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Loadmaster
View allUnauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary s
Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object S
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMas
An OS command injection vulnerability has been identified in LoadMaster. Rated high severity (CVSS 8.8), this vulnerabil
OS command injection in Progress LoadMaster and related ADC products allows authenticated administrators with 'All' perm
Command injection in Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF allow
OS command injection in Progress LoadMaster, MOVEit WAF, ECS Connections Manager, and Object Scale Connection Manager AP
Command injection in Progress LoadMaster and related ADC products allows authenticated attackers with Geo Administration
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rate
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rate
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rate
Same weakness CWE-20 – Improper Input Validation
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today