Ongoing intrusions leveraging a maximum severity Progress Kemp LoadMaster flaw and a pair of Palo Alto Networks PAN-OS Management Interface bugs have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies recommended to remediate the security issues by Dec. 9, BleepingComputer reports.
LoadMaster, a widely used application delivery controller and load-balancing product, is affected by an OS command injection vulnerability, tracked as CVE-2024-1212, that could allow an unauthenticated remote attacker to gain system access and execute arbitrary commands, according to CISA. The agency has so far not observed the Rhino Security Labs-discovered bug being used in ransomware attacks. The newly added PAN-OS issues are an authentication bypass flaw, tracked as CVE-2024-0012, and an OS command injection vulnerability, tracked as CVE-2024-9474. The KEV update comes months after Progress Software patched another maximum-severity LoadMaster flaw, tracked as CVE-2024-7591, which could be exploited to compromise the remote management interface.
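For defenders who track KEV additions against their own estate, the following Python script is an added example (not part of the article, and not CISA's or the vendors' code). It parses a document in the shape of CISA's KEV JSON feed, lists entries whose remediation due date has arrived, and matches entries to a constructed asset inventory. The field names follow the published KEV schema; the entries and the inventory are constructed, the due date assumes the article's "Dec. 9" means 2024-12-09, and the fourth catalog entry is a placeholder used only to show filtering.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names match the real
# schema; the three entries use the CVE IDs from the article (due date assumed to be
# 2024-12-09), and the "CVE-0000-0000" entry is a placeholder decoy, not a real ID.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-2024-1212", "vendorProject": "Progress", "product": "Kemp LoadMaster",
     "vulnerabilityName": "OS command injection", "dueDate": "2024-12-09",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-0012", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "vulnerabilityName": "Authentication bypass", "dueDate": "2024-12-09",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-9474", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
     "vulnerabilityName": "OS command injection", "dueDate": "2024-12-09",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor", "product": "ExampleApp",
     "vulnerabilityName": "Placeholder entry", "dueDate": "2025-01-15",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed asset inventory; vendor/product strings are spelled as the feed spells them.
SAMPLE_INVENTORY = [
    {"asset": "lb-edge-01", "vendor": "Progress", "product": "Kemp LoadMaster"},
    {"asset": "fw-dc-01", "vendor": "Palo Alto Networks", "product": "PAN-OS"},
    {"asset": "web-01", "vendor": "Apache", "product": "HTTP Server"},
]


def load_kev(text: str) -> list[dict]:
    """Parse a KEV-format JSON document and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def due_by(entries: list[dict], deadline: date) -> list[str]:
    """CVE IDs whose remediation due date falls on or before `deadline`, sorted."""
    return sorted(
        e["cveID"] for e in entries
        if date.fromisoformat(e["dueDate"]) <= deadline
    )


def _norm(s: str) -> str:
    """Case- and whitespace-insensitive form used for vendor/product comparison."""
    return " ".join(s.lower().split())


def match_inventory(entries: list[dict], inventory: list[dict]) -> dict[str, list[str]]:
    """Map each asset name to the KEV CVE IDs whose vendor and product match it."""
    hits = {}
    for asset in inventory:
        vendor, product = _norm(asset["vendor"]), _norm(asset["product"])
        hits[asset["asset"]] = sorted(
            e["cveID"] for e in entries
            if _norm(e["vendorProject"]) == vendor and _norm(e["product"]) == product
        )
    return hits


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    print("Due by 2024-12-09:", due_by(kev, date(2024, 12, 9)))
    for asset, cves in match_inventory(kev, SAMPLE_INVENTORY).items():
        print(f"{asset}: {cves or 'no KEV matches'}")
```

To run this against the live catalog, replace `SAMPLE_KEV_JSON` with the contents of CISA's published feed (the JSON export linked from the KEV catalog page). Matching on vendor and product name is deliberately coarse: it tells you which assets need a closer look, not whether they are actually exposed, which depends on the installed version and, for the LoadMaster and PAN-OS bugs described above, on whether the management interface is reachable from untrusted networks.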