
    4 vulnerabilities found for LoadMaster by Progress Software Corporation

    CVE-2024-3544 (GCVE-0-2024-3544)

    Vulnerability from cvelistv5 – Published: 2024-05-02 14:08 – Updated: 2024-08-01 20:12
    VLAI
    Title
    LoadMaster Hardcoded SSH Key
    Summary
    Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation LoadMaster Affected: LoadMaster 7.2.55.0 (GA) , < 7.2.59.4 (semver)
    Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver)
    Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver)
    kemptechnologies loadmaster Affected: 7.2.55.0\(ga\) , < 7.2.59.4 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\(ga\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.49.0\(ltsf\) , < 7.2.54.10 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\(ltsf\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.48.11\(lts\) , < 7.2.48.12 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\(lts\):*:*:*:*:*:*:*
    Credits
    Agenzia per la Cybersicurezza Nazionale (ACN)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.59.4",
                    "status": "affected",
                    "version": "7.2.55.0\\(ga\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.54.10",
                    "status": "affected",
                    "version": "7.2.49.0\\(ltsf\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.48.12",
                    "status": "affected",
                    "version": "7.2.48.11\\(lts\\)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T21:03:12.546232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-01T21:41:23.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://kemptechnologies.com/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LoadMaster",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "7.2.59.4",
                  "status": "affected",
                  "version": "LoadMaster 7.2.55.0 (GA)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.54.10",
                  "status": "affected",
                  "version": "LoadMaster 7.2.49.0 (LTSF)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.48.12",
                  "status": "affected",
                  "version": "LoadMaster 7.2.48.11 (LTS)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
                }
              ],
              "value": "\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T11:59:50.733Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://kemptechnologies.com/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LoadMaster Hardcoded SSH Key",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3544",
        "datePublished": "2024-05-02T14:08:06.683Z",
        "dateReserved": "2024-04-09T18:05:52.839Z",
        "dateUpdated": "2024-08-01T20:12:07.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3543 (GCVE-0-2024-3543)

    Vulnerability from cvelistv5 – Published: 2024-05-02 14:05 – Updated: 2024-08-08 14:59
    VLAI
    Title
    LoadMaster Reversible Password Encryption Algorithm
    Summary
    Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily decrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation LoadMaster Affected: LoadMaster 7.2.55.0 (GA) , < 7.2.59.4 (semver)
    Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver)
    Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver)
    kemptechnologies loadmaster Affected: 7.2.48.11\(lts\) , < 7.2.48.12 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\(lts\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.49.0\(ltsf\) , < 7.2.54.10 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\(ltsf\):*:*:*:*:*:*:*
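    kemptechnologies loadmaster Affected: 7.2.55.0\(ga\) , < 7.5.59.4 (custom) — note: this upper bound differs from the Progress Software Corporation entry above, which lists < 7.2.59.4 for the same GA branch; it looks like a transcription error in the enrichment data, so confirm the fixed version against the vendor advisory before using this range for version matching.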
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\(ga\):*:*:*:*:*:*:*
    Credits
    Agenzia per la Cybersicurezza Nazionale (ACN)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://kemptechnologies.com/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.48.12",
                    "status": "affected",
                    "version": "7.2.48.11\\(lts\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.54.10",
                    "status": "affected",
                    "version": "7.2.49.0\\(ltsf\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.5.59.4",
                    "status": "affected",
                    "version": "7.2.55.0\\(ga\\)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-02T15:51:54.344919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:59:24.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LoadMaster",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "7.2.59.4",
                  "status": "affected",
                  "version": "LoadMaster 7.2.55.0 (GA)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.54.10",
                  "status": "affected",
                  "version": "LoadMaster 7.2.49.0 (LTSF)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.48.12",
                  "status": "affected",
                  "version": "LoadMaster 7.2.48.11 (LTS)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u0026nbsp; Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
                }
              ],
              "value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37: Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257: Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T11:59:41.919Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://kemptechnologies.com/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LoadMaster Reversible Password Encryption Algorithm",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3543",
        "datePublished": "2024-05-02T14:05:26.748Z",
        "dateReserved": "2024-04-09T18:05:51.821Z",
        "dateUpdated": "2024-08-08T14:59:24.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3544 (GCVE-0-2024-3544)

    Vulnerability from nvd – Published: 2024-05-02 14:08 – Updated: 2024-08-01 20:12
    VLAI
    Title
    LoadMaster Hardcoded SSH Key
    Summary
    Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation LoadMaster Affected: LoadMaster 7.2.55.0 (GA) , < 7.2.59.4 (semver)
    Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver)
    Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver)
    kemptechnologies loadmaster Affected: 7.2.55.0\(ga\) , < 7.2.59.4 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\(ga\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.49.0\(ltsf\) , < 7.2.54.10 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\(ltsf\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.48.11\(lts\) , < 7.2.48.12 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\(lts\):*:*:*:*:*:*:*
    Credits
    Agenzia per la Cybersicurezza Nazionale (ACN)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.59.4",
                    "status": "affected",
                    "version": "7.2.55.0\\(ga\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.54.10",
                    "status": "affected",
                    "version": "7.2.49.0\\(ltsf\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.48.12",
                    "status": "affected",
                    "version": "7.2.48.11\\(lts\\)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3544",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T21:03:12.546232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-01T21:41:23.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://kemptechnologies.com/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LoadMaster",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "7.2.59.4",
                  "status": "affected",
                  "version": "LoadMaster 7.2.55.0 (GA)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.54.10",
                  "status": "affected",
                  "version": "LoadMaster 7.2.49.0 (LTSF)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.48.12",
                  "status": "affected",
                  "version": "LoadMaster 7.2.48.11 (LTS)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
                }
              ],
              "value": "\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T11:59:50.733Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://kemptechnologies.com/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LoadMaster Hardcoded SSH Key",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3544",
        "datePublished": "2024-05-02T14:08:06.683Z",
        "dateReserved": "2024-04-09T18:05:52.839Z",
        "dateUpdated": "2024-08-01T20:12:07.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3543 (GCVE-0-2024-3543)

    Vulnerability from nvd – Published: 2024-05-02 14:05 – Updated: 2024-08-08 14:59
    VLAI
    Title
    LoadMaster Reversible Password Encryption Algorithm
    Summary
    Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily decrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing Passwords in a Recoverable Format
    Assigner
    References
    Impacted products
    Vendor Product Version
    Progress Software Corporation LoadMaster Affected: LoadMaster 7.2.55.0 (GA) , < 7.2.59.4 (semver)
    Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver)
    Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver)
    kemptechnologies loadmaster Affected: 7.2.48.11\(lts\) , < 7.2.48.12 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\(lts\):*:*:*:*:*:*:*
    kemptechnologies loadmaster Affected: 7.2.49.0\(ltsf\) , < 7.2.54.10 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\(ltsf\):*:*:*:*:*:*:*
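    kemptechnologies loadmaster Affected: 7.2.55.0\(ga\) , < 7.5.59.4 (custom)
        cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\(ga\):*:*:*:*:*:*:*
        (Note: this upper bound comes from the CISA ADP container and disagrees with the CNA entry for the same GA branch, which lists < 7.2.59.4. The ADP value may be a transcription error; confirm the fixed version against the vendor advisory before using this range for exposure checks.)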
    Credits
    Agenzia per la Cybersicurezza Nazionale (ACN)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:12:07.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://kemptechnologies.com/"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.48.12",
                    "status": "affected",
                    "version": "7.2.48.11\\(lts\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.2.54.10",
                    "status": "affected",
                    "version": "7.2.49.0\\(ltsf\\)",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "loadmaster",
                "vendor": "kemptechnologies",
                "versions": [
                  {
                    "lessThan": "7.5.59.4",
                    "status": "affected",
                    "version": "7.2.55.0\\(ga\\)",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3543",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-02T15:51:54.344919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T14:59:24.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "LoadMaster",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "7.2.59.4",
                  "status": "affected",
                  "version": "LoadMaster 7.2.55.0 (GA)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.54.10",
                  "status": "affected",
                  "version": "LoadMaster 7.2.49.0 (LTSF)",
                  "versionType": "semver"
                },
                {
                  "lessThan": "7.2.48.12",
                  "status": "affected",
                  "version": "LoadMaster 7.2.48.11 (LTS)",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u0026nbsp; Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
                }
              ],
              "value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37: Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "CWE-257: Storing Passwords in a Recoverable Format",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T11:59:41.919Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://kemptechnologies.com/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LoadMaster Reversible Password Encryption Algorithm",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-3543",
        "datePublished": "2024-05-02T14:05:26.748Z",
        "dateReserved": "2024-04-09T18:05:51.821Z",
        "dateUpdated": "2024-08-08T14:59:24.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }