securityaffairs<p><a href="https://infosec.exchange/tags/Progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Progress</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> fixed multiple high-severity <a href="https://infosec.exchange/tags/LoadMaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LoadMaster</span></a> flaws<br><a href="https://securityaffairs.com/174103/security/progress-software-loadmaster-software-flaws.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/174103/sec</span><span class="invisible">urity/progress-software-loadmaster-software-flaws.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.
Administered by:
Server stats:
272active users
toad.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#loadmaster
0 posts · 0 participants · 0 posts today
securityaffairs<p>U.S. <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a> adds <a href="https://infosec.exchange/tags/Progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Progress</span></a> <a href="https://infosec.exchange/tags/Kemp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kemp</span></a> <a href="https://infosec.exchange/tags/LoadMaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LoadMaster</span></a>, <a href="https://infosec.exchange/tags/Palo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Palo</span></a> <a href="https://infosec.exchange/tags/Alto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Alto</span></a> Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog<br><a href="https://securityaffairs.com/171168/security/u-s-cisa-progress-kemp-loadmaster-palo-alto-networks-pan-os-and-expedition-bugs-known-exploited-vulnerabilities-catalog.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/171168/sec</span><span class="invisible">urity/u-s-cisa-progress-kemp-loadmaster-palo-alto-networks-pan-os-and-expedition-bugs-known-exploited-vulnerabilities-catalog.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Progress</span></a> Software fixed a maximum severity flaw in <a href="https://infosec.exchange/tags/LoadMaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LoadMaster</span></a><br><a href="https://securityaffairs.com/168192/uncategorized/progress-software-emergency-loadmaster-flaw.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/168192/unc</span><span class="invisible">ategorized/progress-software-emergency-loadmaster-flaw.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Not Simon<p><strong>Rhino</strong> Security Labs disclosed vulnerability details and proofs of concept for CVE-2024-2448 (8.4 high) authenticated command injection and CVE-2024-2449* (7.5 high) Cross-Site Request Forgery (CSRF) protection bypass in Progress Kemp Loadmaster. The CSRF could be combined with the command injection and leveraged to execute commands on LoadMaster load balancers by targeting a user of the administration web user interface (WUI). h/t <span class="h-card" translate="no"><a href="https://infosec.place/users/buherator" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>buherator</span></a></span> 🔗 <a href="https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">rhinosecuritylabs.com/research</span><span class="invisible">/cve-2024-2448-kemp-loadmaster/</span></a></p><p><a href="https://infosec.exchange/tags/CVE_2024_2448" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_2448</span></a> <a href="https://infosec.exchange/tags/CVE_2024_2449" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_2449</span></a> <a href="https://infosec.exchange/tags/Progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Progress</span></a> <a href="https://infosec.exchange/tags/Loadmaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Loadmaster</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/proofofconcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofofconcept</span></a></p>
Not Simon<p><strong>SonicWall</strong> alleges that CVE-2024-1212 (CVSS: 10.0 critical, disclosed 08 February 2024 by Progress) is being exploited in the wild. "SonicWall sensors have confirmed active exploitation of these vulnerabilities." 🔗 <a href="https://blog.sonicwall.com/en-us/2024/03/progress-kemp-loadmaster-unauthenticated-command-injection-vulnerability/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.sonicwall.com/en-us/2024/</span><span class="invisible">03/progress-kemp-loadmaster-unauthenticated-command-injection-vulnerability/</span></a></p><p>cc: <span class="h-card" translate="no"><a href="https://infosec.place/users/buherator" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>buherator</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>campuscodi</span></a></span> </p><p>EDIT: SonicWall took down the blog post as of 1300 US Eastern 28 March 2024. </p><p><a href="https://infosec.exchange/tags/CVE_2024_1212" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_1212</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/Kemp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kemp</span></a> <a href="https://infosec.exchange/tags/LoadMaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LoadMaster</span></a> <a href="https://infosec.exchange/tags/Progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Progress</span></a></p>
Not Simon<p><strong>Rhino Security Labs</strong>, submitters of CVE-2024-1212 (CVSS: <strong>10.0 critical</strong>, disclosed 08 February 2024 by Progress) unauthenticated Command Injection<br>In Progress Kemp LoadMaster, released vulnerability details and a Proof of Concept. 🔗 <a href="https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">rhinosecuritylabs.com/research</span><span class="invisible">/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/</span></a> H/T <span class="h-card" translate="no"><a href="https://infosec.place/users/buherator" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>buherator</span></a></span> </p><p><a href="https://infosec.exchange/tags/CVE_2024_1212" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_1212</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/progress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>progress</span></a> <a href="https://infosec.exchange/tags/loadmaster" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>loadmaster</span></a> <a href="https://infosec.exchange/tags/proofofconcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofofconcept</span></a> <a href="https://infosec.exchange/tags/POC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>POC</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload