
Urgent: Patch Now—Progress Software Releases Critical Vulnerability Patches for MT Hypervisor and LoadMaster


Progress Software has issued critical security patches for its MT Hypervisor and LoadMaster products following the discovery of a severe vulnerability, tracked as CVE-2024-7591. This vulnerability, which affects all LoadMaster releases and the LoadMaster Multi-Tenant (MT) hypervisor, could allow unauthenticated, remote attackers to execute arbitrary system commands through carefully crafted HTTP requests. While no active exploitation has been reported, Progress Software urges all customers to apply the security patches immediately to secure their environments.

Introduction

“The LoadMaster is an Application Delivery Controller (ADC) that optimizes the performance and availability of servers delivering important content to end-users, delivering requests to the best network servers as quickly and efficiently as possible, and continually checking the performance and security of the workload.

The LoadMaster appliance has two approved means of access. The first method (Console Access) is typically used to set up the initial IP address for the management interface. The second access method, Web User Interface (WUI) is used to manage and configure the LoadMaster. You can also use the Console Access method to restore the LoadMaster to a default state. The Console method is used to configure the LoadMaster to communicate with other components and to be accessible using Internet Protocol (IP) addressing using Hypertext Transfer Protocol Secure (HTTPS). After the initial configuration is completed, all administrative tasks are performed using a web browser using HTTPS” Progress.

The Vulnerability: CVE-2024-7591

On September 5, 2024, Progress Software updated its advisory on the CVE-2024-7591 vulnerability affecting both LoadMaster and MT Hypervisor. The flaw allows unauthenticated attackers to exploit the management interface of the LoadMaster product to execute arbitrary system commands. This is achieved by sending specially crafted HTTP requests to the server, taking advantage of improper input validation.

The affected versions of LoadMaster include all releases up to version 7.2.60.0, and for the MT Hypervisor, all versions up to 7.1.35.11. The potential impact of this vulnerability is severe, as it allows remote code execution, which could be used to compromise entire networks or manipulate sensitive data.

Fixes and Recommendations

To mitigate the risks associated with CVE-2024-7591, Progress Software has released an add-on patch for both LoadMaster and the Multi-Tenant Hypervisor. Customers are advised to download the add-on and apply it immediately:

  • LoadMaster Affected Versions: All versions up to and including 7.2.60.0.
  • MT Hypervisor Affected Versions: All versions up to and including 7.1.35.11.
  • Patched Versions: Customers must apply the “XML validation file” add-on package released on September 3, 2024, to secure their systems.

The patch addresses the vulnerability by sanitizing user input, thereby preventing arbitrary system command execution via the management interface.
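To turn the affected ranges above into a patch queue, the following added example (not from Progress Software or the original article) triages an appliance inventory against those bounds and, because the flaw is reached through the management interface, flags unpatched appliances whose management access is not confined to trusted networks. The inventory schema, field names, host names, networks and status labels are assumptions made for illustration.

```python
import ipaddress

# Inclusive upper bounds of the affected ranges, as stated in the article.
AFFECTED_MAX = {"loadmaster": (7, 2, 60, 0), "mt-hypervisor": (7, 1, 35, 11)}

def parse_version(text):
    """'7.2.59.2' -> (7, 2, 59, 2); shorter versions are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def mgmt_restricted(allowed_from, trusted_nets):
    """True only if every allowed source network lies inside a trusted one."""
    allowed = [ipaddress.ip_network(n) for n in allowed_from]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    return bool(allowed) and all(
        any(a.version == t.version and a.subnet_of(t) for t in trusted)
        for a in allowed)

def triage(appliance, trusted_nets):
    # Record fields are a hypothetical inventory schema (see INVENTORY).
    bound = AFFECTED_MAX.get(appliance["product"].lower())
    if bound is None:
        return "unknown-product"
    try:
        version = parse_version(appliance["version"])
    except ValueError:
        return "review-manually"
    if version > bound:
        return "outside-listed-range"  # confirm against the vendor advisory
    if appliance.get("addon_installed"):
        return "addon-applied"
    if mgmt_restricted(appliance.get("mgmt_allowed_from", []), trusted_nets):
        return "patch-now"
    return "patch-now-mgmt-exposed"

# Constructed sample data: names, versions and networks are illustrative only.
TRUSTED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "lb-edge-01", "product": "LoadMaster", "version": "7.2.60.0",
     "addon_installed": False, "mgmt_allowed_from": ["0.0.0.0/0"]},
    {"name": "lb-core-02", "product": "LoadMaster", "version": "7.2.59.2",
     "addon_installed": False, "mgmt_allowed_from": ["10.20.0.16/28"]},
    {"name": "mt-01", "product": "MT-Hypervisor", "version": "7.1.35.11",
     "addon_installed": True, "mgmt_allowed_from": ["10.20.0.16/28"]},
]

for a in INVENTORY:
    print(a["name"], triage(a, TRUSTED))
```

A missing or empty management allowlist is treated as exposed, so records with incomplete data sort to the top of the queue rather than being assumed safe.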

Steps to Apply the Patch

  1. Download the Patch: Access the add-on package using the provided links from the Progress Software support portal.
  2. Install the Patch: Navigate to the System Configuration > System Administration > Update Software UI page to install the downloaded package.
  3. Verify Installation: Ensure that the patch is correctly installed by checking the version number and validating the XML files.

Progress Software also recommends that customers follow their security hardening guidelines and ensure their systems are updated and configured according to best practices. If any issues arise during the patching process, customers can contact Progress Software’s Technical Support team for assistance.

10 Tips to Avoid Future Vulnerabilities

  1. Regularly Update Software: Always keep your software up to date with the latest patches to protect against newly discovered vulnerabilities.
  2. Limit Access to Management Interfaces: Restrict access to management interfaces from trusted IP addresses only, reducing the attack surface.
  3. Implement Strong Authentication: Use multi-factor authentication (MFA) for administrative access to ensure an extra layer of security.
  4. Monitor Network Traffic: Regularly monitor and analyze network traffic to detect and respond to unusual activities that may indicate an attempted exploit.
  5. Employ Web Application Firewalls (WAFs): Use WAFs to filter and monitor HTTP traffic to and from web applications, protecting them from exploits.
  6. Disable Unnecessary Services: Turn off any unnecessary services and features on your devices and servers to minimize potential attack vectors.
  7. Conduct Regular Security Audits: Perform frequent security audits and vulnerability assessments to identify potential weaknesses before they are exploited.
  8. Backup Critical Data: Regularly back up critical data and ensure the backups are stored securely, isolated from the network to prevent ransomware attacks.
  9. Provide Security Training for Staff: Ensure all staff, especially those with administrative privileges, are trained in recognizing and responding to security threats.
  10. Stay Informed on Security Bulletins: Subscribe to relevant security bulletins from software vendors to stay updated on vulnerabilities and patches.

Conclusion

The discovery of CVE-2024-7591 in Progress Software’s LoadMaster and MT Hypervisor highlights the continuous need for vigilance and proactive security measures. The potential for remote code execution poses a serious risk to organizations that rely on these systems. Progress Software’s quick response and release of patches are commendable; however, the onus is now on customers to act swiftly and apply the necessary patches.

By following best practices and remaining informed, organizations can mitigate the risks of vulnerabilities and protect their critical assets from malicious actors. As cybersecurity threats continue to evolve, staying one step ahead is essential.

For more details on this vulnerability and patch, please refer to the official Progress Software Kemp


Ouaissou DEMBELE