Cybersecurity Threat Advisory: Critical vulnerabilities in Kemp LoadMaster

Cybersecurity Threat Advisory

Kemp LoadMaster Load Balancer contains five high-severity vulnerabilities that can cause major disruptions to a network upon successful exploitation. Review this Cybersecurity Threat Advisory to learn how to protect against these vulnerabilities.

What is the threat?

Kemp LoadMaster disclosed five high-severity vulnerabilities of which are actively exploited in the wild. Four of the five vulnerabilities are arbitrary remote command execution vulnerabilities. An authenticated attacker can run various system commands by sending a specially crafted HTTP request to the management port. This could potentially lead to device compromise, giving a threat actor not only control over the load balancer but potentially access to other areas of the network, such as the devices behind the load balancer. The four command execution vulnerabilities are the following CVEs:

  • CVE-2024-56131
  • CVE-2024-56132
  • CVE-2024-56133
  • CVE-2024-56135

The fifth vulnerability, CVE-2024-56134, is an arbitrary remote file read vulnerability. It can be exploited with specially crafted HTTP requests over the management port. Exploiting the vulnerability gives a threat actor access to any confidential files on the load balancer, such as system configurations.

Why is it noteworthy?

Since load balancers are often placed in line with critical services and behind network security measures, a threat actor with control over a load balancer can cause significant disruption to the network. Critical services could potentially be taken offline for a significant amount of time.

What is the exposure or risk?

As these vulnerabilities impact both the management interface and the authentication process, an exploit of these vulnerabilities can have a significant impact on an organization. The exposure level differs depending on existing security practices. For instance, an organization that uses a locked-down VPN or an air-gapped computer to access management networks is significantly less likely to have this vulnerability exploited than organizations with flat networks. An organization with poor password management is at a much higher risk.

What are the recommendations?

Barracuda recommends the following actions to limit exposure to these vulnerabilities:

  • Update to the latest Kemp LoadMaster version.
  • Practice strong password hygiene.
  • Use a password manager that supports password sharing to handle shared account credentials.
  • Implement good network segmentation and place proper security controls on administrative network segments.
  • Add a web application firewall (WAF) to secure applications.
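
One way to check the segmentation recommendation against actual traffic, as an added example that is not part of the original advisory: the script flags requests to the management interface that come from outside the administrative segments, and counts the successful ones because the flaws described above require an authenticated request. The log format, network ranges and function names are assumptions made for illustration, not LoadMaster's own log format.

```python
import ipaddress
from collections import Counter

# Assumption: the only segments permitted to reach the management interface.
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "fd00:20::/64")]

# Constructed sample lines: "<timestamp> <source-ip> <method> <path> <status>"
SAMPLE_LOG = """\
2025-01-10T08:01:12Z 10.20.0.15 GET /status 200
2025-01-10T08:03:40Z 192.168.50.7 POST /login 401
2025-01-10T08:03:41Z 192.168.50.7 POST /login 401
2025-01-10T08:03:43Z 192.168.50.7 POST /login 200
2025-01-10T08:05:02Z fd00:20::9 GET /status 200
2025-01-10T08:06:30Z 203.0.113.44 GET /status 401
malformed line without fields
"""

def is_admin_source(addr):
    """True if addr lies inside one of the allowed admin networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip.version == net.version and ip in net for net in ADMIN_NETWORKS)

def audit(log_text):
    """Return (findings, skipped): per-source counts of management requests
    from outside the admin networks, and the number of unparsable lines."""
    requests, successes, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            if len(parts) != 5:
                raise ValueError("unexpected field count")
            src, status = parts[1], int(parts[4])
            if is_admin_source(src):
                continue
        except ValueError:
            skipped += 1  # count it, so gaps in coverage are visible
            continue
        requests[src] += 1
        if 200 <= status < 300:
            successes[src] += 1  # authenticated access from a non-admin segment
    findings = {s: {"requests": n, "successful": successes[s]} for s, n in requests.items()}
    return findings, skipped

if __name__ == "__main__":
    found, bad = audit(SAMPLE_LOG)
    for src, stats in sorted(found.items(), key=lambda kv: -kv[1]["successful"]):
        print(src, stats)
    print("unparsable lines:", bad)
```

Any source reported with a non-zero `successful` count reached the management interface with working credentials from outside the admin segments and is the first entry to investigate.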

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.