FortiGuard Outbreak Alert: Progress Kemp LoadMaster OS Command Injection Vulnerability
| Description | Progress Kemp LoadMaster is a load balancer and application delivery controller for applications and websites.
Progress Kemp LoadMaster has a vulnerability (CVE-2024-1212) where unauthenticated users could send specially crafted request to achieve remote code execution on the server.
The following versions of Progress Kemp LoadMaster are vulnerable to CVE-2024-1212: 7.2.48.1 ≤ Version < 7.2.48.10 7.2.54.0 ≤ Version < 7.2.54.8 7.2.55.0 ≤ Version < 7.2.59.2 | ||||||
| CVE ID | CVE-2024-1212 (https://nvd.nist.gov/vuln/detail/CVE-2024-1212) | ||||||
| NDR Cloud Detection Rule | FortiNDR Cloud v2024.11+
| ||||||
| Playbook | N/A | ||||||
| Threat Hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Progress Kemp LoadMaster OS Command Injection Vulnerability” related activities All IOCs listed above have been added to Threat Intelligence Intel | ||||||
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2057720 -> ET EXPLOIT Progress Kemp LoadMaster RCE Attempt Inbound (CVE-2024-1212) 2056142 -> ET WEB_SPECIFIC_APPS Progress Kemp Loadmaster Unauthenticated Command Injection (CVE-2024-1212) | ||||||
| Other Fortinet Product | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to |