Security researchers and agencies have sounded the alarm over the active exploitation of high-severity vulnerabilities in Progress Kemp LoadMaster and VMware vCenter Server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to act promptly to secure their networks.
Progress Kemp LoadMaster: CVE-2024-1212 (CVSS Score: 10.0)
A command injection vulnerability in Progress Kemp LoadMaster allows remote, unauthenticated attackers to execute arbitrary system commands.
Details
Recommendation: CISA has set a remediation deadline of December 9, 2024, for Federal Civilian Executive Branch (FCEB) agencies to address this flaw.
VMware vCenter Server Flaws
Two vulnerabilities in VMware vCenter Server, both demonstrated during the Matrix Cup cybersecurity competition, are also under scrutiny:
CVE-2024-38812 (CVSS Score: 9.8)
CVE-2024-38813 (CVSS Score: 7.5)
Growing Threat Landscape
The vulnerabilities in Progress Kemp and VMware vCenter join a series of recent high-profile flaws being weaponized, including:
Veeam Backup & Replication (CVE-2024-40711): Used to deploy the new Frag ransomware.
Recommended Actions
Stay Ahead of Threats
The active exploitation of these vulnerabilities highlights the importance of patch management and proactive monitoring. Cybercriminals are leveraging unpatched systems to compromise sensitive data and infrastructure—don’t let your organization be the next target.
© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067