CVE-2024-56135: 
Progress LoadMaster vulnerability analysis and mitigation

Progress Software has disclosed a high-severity security vulnerability (CVE-2024-56135) in their LoadMaster application delivery controller. The vulnerability is an improper input validation issue that affects authenticated users and allows OS Command Injection. The affected versions include LoadMaster versions from 7.2.55.0 to 7.2.60.1, 7.2.49.0 to 7.2.54.12, 7.2.48.12 and all prior versions, as well as all ECS versions prior to 7.2.60.1 (Progress Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (High) with the following vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The flaw is categorized under CWE-20 (Improper Input Validation) and allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via carefully crafted HTTP requests (Hacker News).

If successfully exploited, the vulnerability allows authenticated attackers to execute arbitrary system commands on the affected LoadMaster systems. This could potentially lead to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected systems (Security Online).

Progress has released patches to address this vulnerability. Users are strongly advised to upgrade their LoadMaster implementations to the following versions: version 7.2.61.0 (GA) for LoadMaster versions 7.2.55.0 to 7.2.60.1, version 7.2.54.13 (LTSF) for versions 7.2.49.0 to 7.2.54.12, and users of version 7.2.48.12 and prior should upgrade to LTSF or GA releases (Hacker News).