CVE-2024-1212 Exploitation - Progress Kemp LoadMaster Unauthenticated Command Injection

    Date: 08/08/2024

    Severity: High

    Summary

    CVE-2024-1212 is a critical unauthenticated command injection vulnerability in Kemp LoadMaster that allows remote attackers to execute arbitrary commands on the affected devices. It’s crucial for users to apply patches and follow best practices to secure their systems against this threat.

    Indicators of Compromise (IOC) List

    cs-method: GET

    cs-uri-stem: '/access/set', 'param=enableapi', 'value=1'

    httpheadervalue: 'Basic Jz', 'Basic c7', 'Basic nO', "Basic ';"

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    Resourcesname = "SymantecWSS" and csmethod = "GET" and csuristem in ("/access/set", "param=enableapi", "value=1") and httpheadervalue in ("Basic Jz", "Basic c7", "Basic nO", "Basic ';")

    Detection Query 2

    technologygroup = "EDR" and csmethod = "GET" and csuristem in ("/access/set", "param=enableapi", "value=1") and httpheadervalue in ("Basic Jz", "Basic c7", "Basic nO", "Basic ';")

    Reference: 

    https://github.com/SigmaHQ/sigma/blob/master/rules-emerging-threats/2024/Exploits/CVE-2024-1212/web_exploit_cve_2024_1212_.yml
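The same detection logic applied to parsed web log events, as an added example that is not Gurucul's or the Sigma project's own code. It assumes that all three URI strings must appear in one GET request and that any one of the header values is enough; the `cs-uri-query` handling, percent-decoding, case-insensitive scheme match and the sample events are additions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicator values from the IOC list on this page.
URI_PARTS = ("/access/set", "param=enableapi", "value=1")
# Auth scheme names are case-insensitive; base64 credentials are not.
AUTH_RE = re.compile(r"(?i:basic)\s+(?:Jz|c7|nO|';)")


def matches_cve_2024_1212(event):
    """True when one event has GET, every URI part and any header marker."""
    if event.get("cs-method", "").upper() != "GET":
        return False
    # Some log formats split path and query; join them before matching
    # (assumption: cs-uri-query holds the query string when present).
    uri = event.get("cs-uri-stem", "") + "?" + event.get("cs-uri-query", "")
    uri = unquote(uri).lower()  # also catch percent-encoded variants
    if not all(part in uri for part in URI_PARTS):
        return False
    return AUTH_RE.search(event.get("httpheadervalue", "")) is not None


def flagged(events):
    """Indexes of the events that match all indicator groups."""
    return [i for i, e in enumerate(events) if matches_cve_2024_1212(e)]


# Constructed sample events; header values are placeholders, not real payloads.
SAMPLE_EVENTS = [
    {"cs-method": "GET", "cs-uri-stem": "/access/set?param=enableapi&value=1",
     "httpheadervalue": "Basic JzCONSTRUCTED"},
    {"cs-method": "GET", "cs-uri-stem": "/access/set?param=enableapi&value=1",
     "httpheadervalue": "Basic Q09OU1RSVUNURUQ="},       # benign header value
    {"cs-method": "POST", "cs-uri-stem": "/access/set?param=enableapi&value=1",
     "httpheadervalue": "Basic JzCONSTRUCTED"},           # wrong method
    {"cs-method": "GET", "cs-uri-stem": "/access/get?param=enableapi&value=1",
     "httpheadervalue": "Basic JzCONSTRUCTED"},           # wrong path
    {"cs-method": "GET", "cs-uri-stem": "%2Faccess%2Fset?param=enableapi&value=1",
     "httpheadervalue": "basic c7CONSTRUCTED"},           # encoded path, lower-case scheme
    {"cs-method": "GET", "cs-uri-stem": "/access/set",
     "cs-uri-query": "param=enableapi&value=1",
     "httpheadervalue": "Basic nOCONSTRUCTED"},           # path and query logged separately
]

if __name__ == "__main__":
    print(flagged(SAMPLE_EVENTS))
```
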

     

     

