CVE-2024-6658: 
Progress LoadMaster vulnerability analysis and mitigation

CVE-2024-6658 is a security vulnerability affecting Progress LoadMaster that allows OS Command Injection through Improper Input Validation. The vulnerability affects multiple versions of LoadMaster including versions 7.2.55.0 to 7.2.60.0, 7.2.49.0 to 7.2.54.11, 7.2.48.12 and prior versions, Multi-Tenant Hypervisor 7.1.35.11 and prior versions, and ECS all versions prior to 7.2.60.0 (NVD).

The vulnerability is classified as an Improper Input Validation issue (CWE-20) that can lead to OS Command Injection when exploited by an authenticated user. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) (NVD).

When successfully exploited, this vulnerability allows an authenticated attacker to execute operating system commands on the affected LoadMaster systems. The high CVSS score indicates potential severe impacts on the confidentiality, integrity, and availability of the system (NVD).

Progress has released information about this vulnerability through their support portal. Users are advised to review the security advisory and implement recommended mitigations (Kemp Support).