LoadMaster Vulnerability Security Update Advisory
Overview
An update has been made available to address vulnerabilities in LoadMaster. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-2448, CVE-2024-2449
- LoadMaster versions: 7.2.55.0 (included) to 7.2.59.2 (excluded)
- LoadMaster versions: 7.2.49.0 (included) to 7.2.54.8 (excluded)
- LoadMaster version: <= 7.2.48.10 (included)
- LoadMaster MT version: <= 7.1.35.10 (included)
Resolved Vulnerabilities
Vulnerability that could allow a logged-in UI user with permission settings to inject shell commands into the UI; the injected commands execute only for that user, in the context of that page (CVE-2024-2448)
Vulnerability that allows an attacker with prior knowledge of a specific LoadMaster’s IP or hostname to direct a LoadMaster administrator to a malicious site via a CSRF payload (CVE-2024-2449)
Vulnerability Patches
Vulnerability patches were made available in the March 26, 2024 update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-2448, CVE-2024-2449
- LoadMaster 7.2.59.3 (GA) version
- LoadMaster 7.2.54.9 (LTSF) version
- LoadMaster 7.2.48.11 (LTS) version
- LoadMaster MT 7.1.35.11 (MT) version
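One way to triage a device inventory against the patched builds listed above, as an added example that is not part of the original advisory or any vendor tooling. The inventory format, the hostnames and the `is_mt` flag are assumptions, and each device's branch is inferred from the version ranges under Affected Products.

```python
import re

# Patched builds per branch, copied from the advisory's "Vulnerability Patches" list.
PATCHED = {"GA": (7, 2, 59, 3), "LTSF": (7, 2, 54, 9),
           "LTS": (7, 2, 48, 11), "MT": (7, 1, 35, 11)}

def parse_version(text):
    """Parse a four-part dotted version such as '7.2.54.8' into a tuple of ints."""
    if not re.fullmatch(r"\d+(\.\d+){3}", text.strip(), flags=re.ASCII):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in text.strip().split("."))

def branch_for(version, is_mt):
    """Assumption: the branch is inferred from the advisory's affected ranges."""
    if is_mt:
        return "MT"
    if version >= (7, 2, 55, 0):
        return "GA"
    if version >= (7, 2, 49, 0):
        return "LTSF"
    return "LTS"

def triage(inventory):
    """Return (host, status, target) per device; target is the patched build to install."""
    results = []
    for host, version_text, is_mt in inventory:
        try:
            version = parse_version(version_text)
        except ValueError:
            results.append((host, "unknown", None))  # review by hand, never assume patched
            continue
        fixed = PATCHED[branch_for(version, is_mt)]
        if version >= fixed:
            results.append((host, "patched", None))
        else:
            results.append((host, "update", ".".join(map(str, fixed))))
    return results

# Constructed inventory: (hostname, reported version, is LoadMaster MT)
SAMPLE = [
    ("lm-ga-01.example.internal", "7.2.59.0", False),
    ("lm-ltsf-01.example.internal", "7.2.54.9", False),
    ("lm-lts-01.example.internal", "7.2.48.10", False),
    ("lm-mt-01.example.internal", "7.1.35.10", True),
    ("lm-lab-01.example.internal", "7.2.x", False),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The check compares each device with the patched build of its branch rather than with the affected ranges, so any build below the listed fix is reported as needing the update.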
Referenced Sites
[1] CVE-2024-2448 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-2448
[2] CVE-2024-2449 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-2449
[3] LoadMaster Security Vulnerabilities CVE-2024-2448 and CVE-2024-2449