
CISA Warns: VMware and Kemp Flaws Actively Exploited

  • Last updated November 19, 2024
  • written by
    Writer

Washington, D.C. – 19 November 2024 – CISA alerts organizations about active exploitation of VMware and Kemp vulnerabilities. Urgent patches are needed to avoid severe disruptions and attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about the active exploitation of severe vulnerabilities in VMware vCenter Server and Progress Kemp LoadMaster systems. These flaws, which allow attackers to execute remote code and escalate privileges, have been flagged as major risks to organizations globally.

The Kemp LoadMaster vulnerability (CVE-2024-1212), rated at the maximum CVSS score of 10.0, is an OS command injection flaw. It allows remote attackers to execute arbitrary commands via the LoadMaster management interface. The flaw, reported by Rhino Security Labs, is already being weaponized despite patches being released in early 2024.

Meanwhile, VMware vCenter Server faces exploitation of two critical vulnerabilities:

  • CVE-2024-38812 (CVSS 9.8) enables remote code execution via a heap overflow in the DCERPC protocol.
  • CVE-2024-38813 (CVSS 7.5) allows privilege escalation to root access.

These flaws were initially patched in September 2024, but attackers continue to exploit weakly secured or unpatched systems.

CISA has directed Federal Civilian Executive Branch (FCEB) agencies to address the Kemp LoadMaster flaw by December 9, 2024. The urgency stems from rising incidents of cybercriminals exploiting unpatched systems, as highlighted in a recent report on rising ransomware attacks.

The active exploitation of these flaws underscores the critical need for immediate updates and stronger cybersecurity practices. Experts warn that failure to act could result in widespread data breaches and operational disruptions.

