Cyber security news for all

More

    Exploitation of VMware vCenter and Kemp LoadMaster Vulnerabilities

    Recent revelations spotlight the active exploitation of security loopholes within Progress Kemp LoadMaster and VMware vCenter Server, underscoring the urgency of addressing these now-patched vulnerabilities.

    On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) incorporated CVE-2024-1212 (boasting a critical CVSS rating of 10.0) into its Known Exploited Vulnerabilities (KEV) catalog. This critical flaw in Progress Kemp LoadMaster, first rectified by Progress Software in February 2024, epitomizes a severe security hazard.

    The vulnerability allows remote attackers—without prior authentication—to manipulate the LoadMaster management interface, executing arbitrary commands on the underlying system. Rhino Security Labs, which unveiled and disclosed the flaw, detailed that such exploitation provides malicious actors complete administrative access to the load balancer through its web-based management interface.

    Coinciding with this, CISA highlighted Broadcom’s recent advisory on attackers leveraging two critical vulnerabilities within the VMware vCenter Server, previously showcased during China’s Matrix Cup Cybersecurity Competition earlier this year.

    The targeted VMware vulnerabilities include:

    1. CVE-2024-38812
      • Severity: CVSS 9.8
      • A heap-overflow defect in the DCERPC protocol implementation, enabling remote code execution for adversaries with network access.
    2. CVE-2024-38813
      • Severity: CVSS 7.5
      • A privilege escalation issue permitting network-accessible attackers to gain root-level permissions.

    While VMware resolved these vulnerabilities in September 2024, subsequent updates for CVE-2024-38812 were issued last month after initial patches were deemed insufficient.

    Imminent Action and Wider Implications

    Although tangible evidence of exploitation in active campaigns remains sparse, Federal Civilian Executive Branch (FCEB) agencies have been urged to secure their networks against CVE-2024-1212 by December 9, 2024. This directive underlines the escalating cyberthreat landscape.

    Further exacerbating the situation, cybersecurity firm Sophos recently disclosed that nefarious actors are weaponizing a critical vulnerability in Veeam Backup & Replication (CVE-2024-40711, CVSS 9.8) to deploy a novel ransomware strain, dubbed Frag.

    Concluding Perspective

    These developments emphasize the ceaseless evolution of cyber adversaries’ tactics. Organizations must remain vigilant, ensuring prompt remediation of such high-severity flaws to fortify their digital defenses against sophisticated threats.

    Recent Articles

    Related Stories