Active Exploitation of VMware and Kemp LoadMaster Vulnerabilities
Active Exploitation of Security Flaws in Progress Kemp LoadMaster and VMware vCenter Server: What You Need to Know
Recent reports indicate that critical security vulnerabilities affecting Progress Kemp LoadMaster and VMware vCenter Server are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-1212, a critical (CVSS score: 10.0) vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows unauthenticated remote attackers to execute arbitrary operating-system commands on affected appliances, which makes it a significant risk for any organization that exposes a LoadMaster management interface.
Understanding the CVE-2024-1212 Vulnerability
Progress Kemp LoadMaster is affected by an OS command injection vulnerability in its management interface: input handled by the interface reaches the underlying operating system without adequate sanitization, so an unauthenticated attacker who can reach the interface can run commands on the appliance. Progress Software fixed the flaw in February 2024. Rhino Security Labs, which reported the vulnerability, noted that successful exploitation of CVE-2024-1212 yields full administrative access, allowing the attacker to execute commands on the load balancer itself. Because a load balancer sits in front of other services, compromise of the appliance also exposes the traffic and credentials that pass through it.
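The following Python script is an added illustration of the vulnerability class described above (OS command injection in an authentication path), not code from LoadMaster or from Rhino Security Labs. It models a toy management interface that takes HTTP Basic credentials; the assumption that credentials are the tainted input, the `test`-based check, the constant names and the `touch`-based payload are all constructed for the example. The vulnerable handler splices the decoded credentials into a shell command string, so a password containing a quote and `||` both bypasses the check and runs an attacker-chosen command; the hardened handler never touches a shell.

```python
import base64
import hmac
import os
import subprocess
import tempfile

# Constructed credentials for the toy management interface (assumption, not
# anything from the real product).
ADMIN_USER = "admin"
ADMIN_PASS = "s3cret"


def basic_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header value for user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str):
    """Return (user, password) from a Basic header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic" or not token:
        return None
    try:
        creds = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = creds.partition(":")
    return (user, password) if sep else None


def vulnerable_login(header: str) -> bool:
    """Vulnerable pattern: credentials spliced into a shell command string."""
    creds = decode_basic(header)
    if creds is None:
        return False
    user, password = creds
    # Wrapping the values in single quotes does not help: a quote inside the
    # password closes the literal and everything after it is parsed as shell.
    cmd = f"test '{user}' = '{ADMIN_USER}' && test '{password}' = '{ADMIN_PASS}'"
    return subprocess.run(cmd, shell=True).returncode == 0


def hardened_login(header: str) -> bool:
    """Fixed pattern: no shell at all; constant-time comparison in-process.

    If an external helper were unavoidable, the right shape would be
    subprocess.run([helper, user, password], shell=False) so that the
    values are passed as argv entries, never parsed as shell syntax.
    """
    creds = decode_basic(header)
    if creds is None:
        return False
    user, password = creds
    ok_user = hmac.compare_digest(user.encode(), ADMIN_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), ADMIN_PASS.encode())
    return ok_user and ok_pass


def injection_payload(marker_path: str) -> str:
    """Constructed password that bypasses the check and runs `touch <marker>`.

    The shell sees:  test 'x' = 'admin' && test '' || touch <marker> || '' = 's3cret'
    `test ''` fails, so `touch` runs and its exit status 0 becomes the
    command's status, which the vulnerable handler treats as a valid login.
    """
    return f"' || touch {marker_path} || '"


def demo():
    """Run the same malicious header through both handlers.

    Returns (vulnerable_accepted, marker_created, hardened_accepted).
    """
    with tempfile.TemporaryDirectory() as d:
        marker = os.path.join(d, "pwned")
        hdr = basic_header("anyone", injection_payload(marker))
        vuln_accepted = vulnerable_login(hdr)
        marker_created = os.path.exists(marker)
        hard_accepted = hardened_login(hdr)
        return vuln_accepted, marker_created, hard_accepted


if __name__ == "__main__":
    print("vulnerable accepted, command ran, hardened accepted:", demo())
```

The payload works without knowing the admin username, which is the "unauthenticated" part of the advisory: the attacker only needs network reach to the management interface. The fix is not better quoting but removing the shell from the data path entirely.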
VMware vCenter Server Vulnerabilities Under Attack
In addition to the Progress Kemp LoadMaster issue, CISA has raised alarms about two vulnerabilities in VMware vCenter Server: CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5). Both were demonstrated at the Matrix Cup cybersecurity competition in June 2024 and patched in September 2024. In October 2024, however, VMware issued a second fix for CVE-2024-38812, stating that the initial patches had not fully addressed the issue; systems that only received the September update therefore remain exposed.
- CVE-2024-38812: A heap-overflow vulnerability in the DCERPC protocol implementation that allows an attacker with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
- CVE-2024-38813: A privilege escalation vulnerability that allows an attacker with network access to vCenter Server to gain root privileges by sending a specially crafted network packet.
Urgent Recommendations from CISA
Although details of how CVE-2024-1212 is being exploited in real-world attacks have not been made public, CISA added it to the KEV catalog on November 18, 2024, and is requiring Federal Civilian Executive Branch (FCEB) agencies to remediate it by December 9, 2024. On November 20, 2024, CISA also added the two VMware vCenter Server vulnerabilities to the KEV catalog, requiring agencies to apply the vendor-recommended fixes by December 11, 2024. Inclusion in the KEV catalog is a binding deadline only for FCEB agencies, but it is a strong signal that every organization running these products should prioritize the same patches.
Recent Developments in Cybersecurity Threats
The disclosure follows a report from Sophos that cybercriminals are exploiting a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a new ransomware variant known as Frag. Separately, SonicWall reported detecting exploitation attempts against CVE-2024-1212 as early as late March 2024, although details of those attacks remain unclear.
Conclusion: Stay Vigilant Against Cyber Threats
As organizations continue to navigate the complexities of cybersecurity, it is crucial to remain vigilant and proactive in addressing known vulnerabilities. Organizations running Progress Kemp LoadMaster or VMware vCenter Server should confirm that the vendor fixes are applied (including the October 2024 re-release of the CVE-2024-38812 patch), keep management interfaces off the public internet and restricted to trusted networks, and review appliance and vCenter logs for signs of compromise that may predate patching.