CVE-2024-1212
LoadMaster Pre-Authenticated OS Command Injection
Description
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
In plain language
CVE-2024-1212 is a critical flaw in LoadMaster: anyone who can reach the management interface over the network can send a crafted request and run commands on the device, with no login required. Small businesses should treat this as an urgent emergency if the LoadMaster management interface is reachable from outside a trusted network.
Unauthenticated command injection in the LoadMaster management interface allows arbitrary system command execution (CWE-78) with no user interaction. The vulnerability is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog because it is being exploited in the wild, and CISA requires mitigation by 2024-12-09.
What to do now
- Check whether your LoadMaster management interface is reachable from the internet or other untrusted networks: review firewall rules and any port forwarding that expose it.
- Upgrade LoadMaster to a fixed release: 7.2.48.10, 7.2.54.8, or 7.2.59.2 (use the highest version your environment supports). If the interface is reachable from untrusted networks, do this immediately.
- If you cannot upgrade right away, follow the mitigation steps in the Kemp Technologies security advisory and restrict access to the management interface to trusted administrative networks only.
- After making changes, verify that the management interface is no longer reachable from untrusted networks, and monitor the device for suspicious activity.
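The two checks above (is the build fixed, and is the interface reachable from an untrusted vantage point) are easy to get wrong by hand because the fix landed in three separate release branches. The following triage helper is an added example, not code from the page or from Kemp; it assumes the three fixed releases each define a branch (7.2.48.x, 7.2.54.x, 7.2.59.x), that any build numerically later than the newest fix carries the fix, and that the management interface listens on TCP 443 by default (the port is a placeholder argument, not taken from the page).

```python
"""Triage helper for CVE-2024-1212 (added example; not vendor code).

  is_patched(version)     -> is this LoadMaster build at or above the fixed
                             release for its branch?
  is_reachable(host,port) -> does the management interface accept a TCP
                             connect from where this script runs?
  triage(version, reachable) -> a short action string combining the two.
"""
import socket
import sys

# Fixed releases named in the advisory, keyed by branch (major, minor, build).
FIXED_BY_BRANCH = {
    (7, 2, 48): (7, 2, 48, 10),
    (7, 2, 54): (7, 2, 54, 8),
    (7, 2, 59): (7, 2, 59, 2),
}
# Assumption: any build numerically above the newest fix also ships the fix.
NEWEST_FIX = max(FIXED_BY_BRANCH.values())


def parse_version(text):
    """'7.2.54.3' -> (7, 2, 54, 3). Rejects anything that is not four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised LoadMaster version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(text):
    """True if the build is at or above the fixed release for its branch.

    Builds on a branch with no fixed release (e.g. 7.2.51.x, 7.2.55.x) are
    treated as vulnerable unless they are newer than the newest fix.
    """
    v = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(v[:3])
    if fixed is not None:
        return v >= fixed        # same branch: compare the patch component
    return v > NEWEST_FIX        # off-branch: only later builds count (assumption)


def is_reachable(host, port=443, timeout=3.0):
    """TCP connect test; run it from an untrusted network to test exposure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(version_text, reachable):
    """Combine the two checks into the action the advisory calls for."""
    patched = is_patched(version_text)
    if not patched and reachable:
        return "URGENT: unpatched and exposed; upgrade now or block management access"
    if not patched:
        return "upgrade at the next window; keep the interface off untrusted networks"
    return "patched; confirm the interface stays restricted to trusted networks"


if __name__ == "__main__":
    # Usage: python triage.py <version> [host] [port]
    version = sys.argv[1] if len(sys.argv) > 1 else "7.2.54.3"
    exposed = False
    if len(sys.argv) > 2:
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
        exposed = is_reachable(sys.argv[2], port)
    print(triage(version, exposed))
```

Run the reachability check from a network you do not control (a phone hotspot, a cloud shell), since a connect test from inside the LAN says nothing about internet exposure; a successful connect on a version that `is_patched` rejects is the "urgent emergency" case described above.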
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (base score 10.0)
- AV:N – Attack Vector: Network
- AC:L – Attack Complexity: Low
- PR:N – Privileges Required: None
- UI:N – User Interaction: None
- S:C – Scope: Changed
- C:H – Confidentiality: High
- I:H – Integrity: High
- A:H – Availability: High
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected Products
- LoadMaster releases earlier than the fixed versions listed above (7.2.48.10, 7.2.54.8, 7.2.59.2)
Exploitability
Listed in the CISA KEV catalog. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.