Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3544

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.

Published

2024-05-02T15:15:07.053

Last Modified

2025-02-03T21:38:22.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-798
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	loadmaster	< 7.2.48.11	Yes
Application	progress	loadmaster	< 7.2.54.10	Yes
Application	progress	loadmaster	< 7.2.59.4	Yes

References

https://kemptechnologies.com/ Product ([email protected])
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 Product ([email protected])
https://kemptechnologies.com/ Product (af854a3a-2127-422b-91ae-364da2661108)
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 Product (af854a3a-2127-422b-91ae-364da2661108)