Article Details

Scrape Timestamp (UTC): 2024-11-19 06:32:32.985

Source: https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html

Original Article Text


CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software back in February 2024.

"Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution," the agency said.

Rhino Security Labs, which discovered and reported the flaw, said successful exploitation enables command execution on LoadMaster should an attacker have access to the administrator web user interface, granting them full access to the load balancer.

CISA's addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers are now exploiting two security flaws in VMware vCenter Server, which were demonstrated at the Matrix Cup cybersecurity competition held in China earlier this year.

The flaws, CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5), were originally resolved in September 2024, although the company rolled out fixes for the former a second time last month, stating the previous patches "did not fully address" the problem.

While there are currently no details on the observed exploitation of these vulnerabilities in real-world attacks, CISA is recommending that Federal Civilian Executive Branch (FCEB) agencies remediate CVE-2024-1212 by December 9, 2024, to secure their networks.
The development comes days after Sophos revealed that cybercrime actors are actively weaponizing a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a previously undocumented ransomware called Frag.
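The article's practical takeaway for defenders is the KEV catalog entry and its remediation due date. The script below is an added example (not from the article, CISA, or any of the vendors named) that cross-references a KEV-shaped feed against a simple asset inventory and reports how many days remain before each due date, flagging entries already past due. The feed content is a constructed sample using the field names of CISA's published KEV JSON (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction`, `knownRansomwareCampaignUse`); only CVE-2024-1212's December 9, 2024 due date comes from the article, while the other due dates, the `dateAdded` values and the inventory hosts are placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Only CVE-2024-1212's
# dueDate (2024-12-09) is taken from the article; every other date, the
# requiredAction text and the extra entries are placeholders for illustration.
KEV_SAMPLE_JSON = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-1212",
            "vendorProject": "Progress",
            "product": "Kemp LoadMaster",
            "dateAdded": "2024-11-18",          # assumed
            "dueDate": "2024-12-09",            # from the article
            "requiredAction": "Apply mitigations per vendor instructions.",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2024-38812",
            "vendorProject": "VMware",
            "product": "vCenter Server",
            "dateAdded": "2024-11-18",          # assumed
            "dueDate": "2024-12-11",            # placeholder, not the real due date
            "requiredAction": "Apply mitigations per vendor instructions.",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2024-40711",
            "vendorProject": "Veeam",
            "product": "Backup & Replication",
            "dateAdded": "2024-10-17",          # assumed
            "dueDate": "2024-11-07",            # placeholder, not the real due date
            "requiredAction": "Apply mitigations per vendor instructions.",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

# Constructed inventory: what an asset database might export. web-03 is
# deliberately not in the KEV sample so the join has a non-matching row.
INVENTORY = [
    {"host": "lb-edge-01", "vendor": "Progress", "product": "Kemp LoadMaster"},
    {"host": "vc-prod-01", "vendor": "VMware", "product": "vCenter Server"},
    {"host": "vc-lab-02", "vendor": "vmware", "product": "vcenter  server"},
    {"host": "web-03", "vendor": "nginx", "product": "nginx"},
]


def _norm(text: str) -> str:
    """Case- and whitespace-insensitive key so 'vCenter Server' and 'vcenter  server' match."""
    return " ".join(text.lower().split())


def load_kev(feed_text: str) -> list[dict]:
    """Parse a KEV-shaped JSON document and return its vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def find_kev_exposure(feed_text: str, inventory: list[dict], as_of: date) -> list[dict]:
    """Join inventory rows to KEV entries by vendor/product and compute days left until dueDate.

    Returns findings sorted by urgency (fewest days left first), so overdue items come first.
    """
    by_product: dict[tuple[str, str], list[dict]] = {}
    for entry in load_kev(feed_text):
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        by_product.setdefault(key, []).append(entry)

    findings = []
    for asset in inventory:
        key = (_norm(asset["vendor"]), _norm(asset["product"]))
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - as_of).days
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "daysLeft": days_left,
                "status": "OVERDUE" if days_left < 0 else "DUE",
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
                "requiredAction": entry.get("requiredAction", ""),
            })
    findings.sort(key=lambda f: (f["daysLeft"], f["host"]))
    return findings


def format_report(findings: list[dict]) -> str:
    """Render findings as one line per host/CVE pair for a ticket or daily brief."""
    lines = [f"{f['status']:8} {f['host']:12} {f['cveID']:16} due {f['dueDate']} "
             f"({f['daysLeft']:+d} days) ransomware={f['ransomware']}" for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    # Date of the article's scrape used as the reference point.
    print(format_report(find_kev_exposure(KEV_SAMPLE_JSON, INVENTORY, date(2024, 11, 19))))
```

Run against a real export, the only changes needed are reading the KEV feed from a file and replacing `INVENTORY` with the asset database export; the vendor/product normalisation is intentionally loose because inventory spellings rarely match the catalog exactly, so review matches before acting on them.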

Daily Brief Summary

CYBERCRIME // CISA Warns of Active Exploitation in VMware and Kemp LoadMaster

CISA has announced the active exploitation of critical vulnerabilities in both Progress Kemp LoadMaster and VMware vCenter Server.

CVE-2024-1212, a high-severity flaw in Progress Kemp LoadMaster, enables unauthenticated remote attackers to execute arbitrary system commands.

This particular vulnerability was patched by Progress Software in February 2024 but continues to be exploited.

In addition, Broadcom reported that attackers are exploiting two patched vulnerabilities in VMware vCenter Server following their public demonstration earlier this year.

Despite patches being issued, continued exploitation highlights persistent risks and the importance of comprehensive patch management.

CISA has directed Federal Civilian Executive Branch agencies to remediate CVE-2024-1212 by December 9, 2024.

These incidents underscore continuous challenges in cybersecurity threat management and the need for agile responses to emerging cyber threats.