Critical Vulnerabilities in VMware vCenter and Kemp LoadMaster Under Active Exploitation
2024-11-19
Learn about the critical importance of patch management and the opportunity to showcase CloudGuard's capabilities in defending against emerging threats and vulnerabilities in VMware and Progress Kemp LoadMaster environments.
The article highlights active exploitation of critical vulnerabilities in VMware vCenter and Kemp LoadMaster, as noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The Kemp LoadMaster flaw, a command injection vulnerability, allows remote attackers full system access through the management interface and was patched in February 2024. VMware vCenter Server is also under attack due to two security flaws, initially resolved in September 2024, but requiring further patching last month. Additionally, a severe vulnerability in Veeam Backup & Replication is being exploited to deploy new ransomware. These incidents underscore the need for timely patch management and vigilance against emerging threats.
Patch Management, Web App/Website Vulnerability, Malware
VMware vCenter, Progress Kemp LoadMaster, CVE-2024-1212, CVE-2024-38812, Veeam Backup & Replication, Ransomware, Patch Management
CVE-2024-1212; CVE-2024-38812; CVE-2024-38813; CVE-2024-40711
VMware vCenter, Progress Kemp LoadMaster, Veeam Backup & Replication
Overview
The cybersecurity landscape is currently facing significant threats due to active exploitation of severe vulnerabilities in VMware vCenter and Progress Kemp LoadMaster. These vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, highlighting their critical nature.

Kemp LoadMaster Vulnerability
Progress Kemp LoadMaster is affected by a critical OS command injection vulnerability, identified as CVE-2024-1212. This flaw has a maximum severity score of 10.0 on the CVSS scale, indicating its high risk. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary system commands through the LoadMaster management interface. This means that if an attacker gains access to the administrator web user interface, they can achieve full control over the load balancer. Progress Software addressed this issue with a patch in February 2024, but it remains actively exploited.

VMware vCenter Server Flaws
VMware vCenter Server is also under scrutiny due to two significant security flaws, CVE-2024-38812 and CVE-2024-38813. These vulnerabilities were showcased at the Matrix Cup cybersecurity competition in China earlier this year. With CVSS scores of 9.8 and 7.5 respectively, these flaws pose substantial risks. Although initially resolved in September 2024, VMware had to release additional patches for CVE-2024-38812 last month, as the earlier fixes did not completely mitigate the issue.

Veeam Backup & Replication Threat
In a related development, cybercriminals are exploiting a critical vulnerability in Veeam Backup & Replication, identified as CVE-2024-40711 with a CVSS score of 9.8. This exploitation is being used to deploy a newly discovered ransomware known as Frag. The active weaponization of this flaw underscores the urgent need for organizations to apply patches promptly.

Implications for Cybersecurity
These incidents emphasize the critical importance of patch management and maintaining vigilance against emerging cybersecurity threats. Organizations must prioritize the timely application of security updates to protect their systems from exploitation. With attackers actively targeting these vulnerabilities, understanding and mitigating these risks is crucial for maintaining robust cybersecurity defenses.
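The VMware re-patch described above is a case where tracking remediation by CVE ID alone marks a host as fixed too early. The following is an added example, not code from the article or any vendor: it classifies a constructed inventory against fix-revision dates, assuming each host's last update installed the newest vendor release available that day. The hostnames, update dates and day-of-month values are constructed; only the months come from the article.

```python
from datetime import date

# Vendor fix revisions per CVE, oldest first. Months come from the article; the
# day values are constructed (no exact days are given, and "last month" is read
# as October 2024 from the 2024-11-19 dateline).
FIX_REVISIONS = {
    "CVE-2024-1212": [date(2024, 2, 1)],
    "CVE-2024-38812": [date(2024, 9, 1), date(2024, 10, 1)],  # first fix incomplete
    "CVE-2024-38813": [date(2024, 9, 1)],
    "CVE-2024-40711": [],  # the article gives no fix date
}
PRODUCT_CVES = {
    "Progress Kemp LoadMaster": ["CVE-2024-1212"],
    "VMware vCenter": ["CVE-2024-38812", "CVE-2024-38813"],
    "Veeam Backup & Replication": ["CVE-2024-40711"],
}
# Constructed inventory: (hostname, product, date of last vendor update or None).
INVENTORY = [
    ("lb-edge-01", "Progress Kemp LoadMaster", date(2023, 11, 14)),
    ("vcsa-prod", "VMware vCenter", date(2024, 9, 20)),
    ("vcsa-dr", "VMware vCenter", date(2024, 11, 5)),
    ("backup-01", "Veeam Backup & Replication", date(2024, 6, 3)),
]

def cve_status(cve, last_update):
    """Classify one CVE on one asset from the asset's last update date."""
    revisions = FIX_REVISIONS.get(cve, [])
    if not revisions:
        return "no-fix-date-on-record"
    if last_update is None or last_update < revisions[0]:
        return "unpatched"
    if last_update < revisions[-1]:
        return "superseded-fix"  # patched, but before the vendor's re-issued fix
    return "current"

def audit(inventory):
    """Return {hostname: {cve: status}} for every CVE tied to the asset's product."""
    return {
        host: {cve: cve_status(cve, updated) for cve in PRODUCT_CVES.get(product, [])}
        for host, product, updated in inventory
    }

def needs_action(report):
    """Hosts with at least one CVE whose status is not 'current', sorted by name."""
    return sorted(h for h, c in report.items() if any(s != "current" for s in c.values()))

if __name__ == "__main__":
    for host, cves in audit(INVENTORY).items():
        print(host, cves)
```

Replace the constructed dates with the release dates from the vendor advisories before using the result for prioritization.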
https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html?m=1