LoadMaster Vulnerability CVE-2024-7591: Update Required


A security vulnerability, identified as CVE-2024-7591, has been disclosed affecting all versions of LoadMaster and the LoadMaster Multi-Tenant (MT) hypervisor. The LoadMaster vulnerability is critical as it could potentially allow unauthorized remote attackers to execute arbitrary system commands by exploiting flaws in the management interface of LoadMaster.

Despite the lack of reported exploitation or direct impact on customers, all LoadMaster users must address this issue promptly. To mitigate risks and enhance the security of their systems, users are strongly encouraged to upgrade their LoadMaster implementations without delay. 

Details of the LoadMaster Vulnerability

Details of the LoadMaster Vulnerability (Source: Kemp Technologies)

The LoadMaster vulnerability, denoted as CVE-2024-7591, is a serious security flaw that could enable unauthenticated remote attackers to execute arbitrary system commands on affected LoadMaster systems by sending specially crafted HTTP requests. The primary issue arises from insufficient input sanitization of requests sent to the management interface.

To address this LoadMaster vulnerability, the LoadMaster development team has implemented a fix by sanitizing user input to prevent unauthorized command execution. This security enhancement is aimed at closing the vulnerability and protecting systems from potential attacks.

To protect their systems against this vulnerability, users must apply the latest security update. The add-on package, which includes an XML validation file, is available for all affected versions of LoadMaster and LoadMaster Multi-Tenant (MT) hypervisor. The details are as follows:

Affected Versions:

  • LoadMaster: 7.2.60.0 and all prior versions
  • Multi-Tenant Hypervisor: 7.1.35.11 and all prior versions

Patched Versions:

  • The latest add-on package with an XML validation file was released on September 3, 2024.
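
A fleet triage against the ranges listed above, as an added example that is not code from the vendor or the original article. The inventory record, product labels, host names and the `addon_installed` flag are assumptions, and the sample records are constructed.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Upper bounds of the affected ranges, as listed in the advisory.
AFFECTED_MAX = {
    "loadmaster": (7, 2, 60, 0),
    "mt-hypervisor": (7, 1, 35, 11),
}

class Node(NamedTuple):        # hypothetical inventory record
    host: str
    product: str               # "loadmaster" or "mt-hypervisor" (labels assumed)
    version: str               # version string as recorded in your inventory
    addon_installed: bool      # assumption: tracked by your own inventory

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the leading four numeric fields, or None if they are missing.
    A trailing build suffix after the fourth field is tolerated (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\D|$)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(node: Node) -> str:
    limit = AFFECTED_MAX.get(node.product.lower())
    ver = parse_version(node.version)
    if limit is None or ver is None:
        return "REVIEW"            # unknown product or unparseable version
    if ver > limit:                # numeric compare: 7.2.9.0 < 7.2.60.0
        return "NOT_LISTED"        # outside the ranges the advisory lists
    return "MITIGATED" if node.addon_installed else "PATCH_REQUIRED"

def report(nodes):
    return {n.host: triage(n) for n in nodes}

# Constructed sample inventory; hosts and versions are illustrative only.
INVENTORY = [
    Node("lm-edge-01", "loadmaster", "7.2.9.0", False),
    Node("lm-edge-02", "loadmaster", "7.2.60.0", True),
    Node("lm-mt-01", "mt-hypervisor", "7.1.35.11", False),
    Node("lm-lab-01", "loadmaster", "7.2.61.0", False),
    Node("lm-old-01", "loadmaster", "unknown", False),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

`NOT_LISTED` only means the version falls outside the ranges stated here, and `MITIGATED` is only as reliable as the inventory flag behind it.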

Installation Instructions for Mitigating LoadMaster Vulnerability

Users are advised to download the add-on package using the provided links and install it via the System Configuration > System Administration > Update Software UI page. The installation of this update is necessary for both individual LoadMaster Virtual Network Functions (VNFs) and the Multi-Tenant hypervisor or Manager node.

Beyond applying the immediate patch, it is also recommended that users follow comprehensive security hardening guidelines. These guidelines provide further measures to upgrade system defenses and mitigate potential vulnerabilities. Users with current support contracts can seek assistance by opening a new Technical Support case in the customer community. 

For those without an active support contract, contacting a Sales Account Manager for further assistance is advisable. By applying the recommended updates and adhering to security best practices, LoadMaster users can enhance the security and resilience of their systems.


