This document has been written for the IT teams of organisations and government.
Background / What has happened?
- ASD’s ACSC is aware of a vulnerability in Progress Kemp products.
- CVE-2024-1212 allows unauthenticated, remote attackers who have access to the LoadMaster management interface to issue a crafted API command that results in the execution of arbitrary system commands.
- This CVE also impacts Progress Kemp’s ECS Connection Manager product.
- Progress Kemp has assessed the vulnerability as critical with a rating of CVSS 10.
- ASD’s ACSC has not received reports of active exploitation of this CVE at this time.
Mitigation / How do I stay secure?
Australian organisations should review their networks for use of vulnerable instances of the Progress Kemp products, and consult Progress Kemp’s customer advisory (CVE-2024-1212 Vulnerability) for mitigation advice.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).