CVE-2024-56133
Published: 05 February 2025
Description
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
Security Summary
CVE-2024-56133 is an improper input validation vulnerability in Progress LoadMaster that enables OS command injection by authenticated users. The issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 inclusive, from 7.2.49.0 to 7.2.54.12 inclusive, and 7.2.48.12 and all prior versions. It also impacts ECS in all versions prior to 7.2.60.1 inclusive. The vulnerability is classified under CWE-20 and carries a CVSS v3.1 base score of 8.4.
Exploitation requires an authenticated user with high privileges (PR:H) operating from an adjacent network (AV:A), with low attack complexity (AC:L) and no user interaction (UI:N). Successful attacks result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), with a changed scope (S:C), potentially allowing arbitrary OS command execution.
Progress has published a security advisory covering this and related vulnerabilities (CVE-2024-56131 through CVE-2024-56135) with mitigation guidance, available at https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135.
Details
- CWE(s)