Security flaws in Progress Kemp LoadMaster, PAN-OS and VMware vCenter Server under active exploitation

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog, indicating its active exploitation in the wild.

CVE-2024-1212 is an OS command injection flaw that allows unauthenticated, remote attackers to execute arbitrary system commands via the LoadMaster management interface. Though Progress Software issued a patch back in February 2024, recent reports indicate attackers are actively targeting unpatched systems.

Additionally, CISA's KEV catalog flags two Palo Alto Networks PAN-OS security issues (CVE-2024-0012 and CVE-2024-9474) as actively exploited. Both flaws were observed as part of exploitation activity tracked as ‘Operation Lunar Peek.’

In parallel, Broadcom has disclosed active exploitation of two VMware vCenter Server vulnerabilities. One of the flaws (CVE-2024-38812) is a heap-overflow vulnerability in the DCERPC protocol, enabling remote code execution for attackers with network access. The other vulnerability (CVE-2024-38813) is a privilege escalation issue allowing attackers with network access to escalate their privileges to root.

The above-mentioned flaws, demonstrated earlier this year at the Matrix Cup cybersecurity competition in China, were initially patched in September 2024. However, Broadcom had to reissue a fix for CVE-2024-38812 in October 2024 after acknowledging that the initial patch was incomplete.

With no available workarounds, experts strongly urge organizations to apply the latest updates immediately.
