
Active Exploitation of Patched Security Flaws in Progress Kemp LoadMaster and VMware vCenter Server
Previously patched vulnerabilities in Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-1212 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability carries the maximum CVSS score of 10.0 and was originally fixed by Progress Software in February 2024, so the systems now being attacked are those that were never updated.
CVE-2024-1212 is an OS command injection vulnerability in the LoadMaster management interface that lets an unauthenticated, remote attacker execute arbitrary system commands on the appliance. Rhino Security Labs, which discovered and reported the flaw, noted that successful exploitation gives the attacker full access to the load balancer provided the administrative web interface can be reached. Because the load balancer sits in the path of the traffic it fronts, that level of access lets an attacker intercept or manipulate network traffic and disrupt the services behind it; keeping the management interface off untrusted networks limits exposure but does not replace the patch.
Separately, Broadcom has warned that two security flaws in VMware vCenter Server, CVE-2024-38812 (CVSS score: 9.8) and CVE-2024-38813 (CVSS score: 7.5), are being exploited in the wild. Both were demonstrated at the Matrix Cup cybersecurity competition held in China in June 2024. VMware first shipped fixes in September 2024, but had to release a second patch in October 2024 because the September fix did not fully address CVE-2024-38812. Administrators who patched in September should therefore confirm that the later build is installed rather than assume they are covered.
CVE-2024-38812 is a heap-overflow vulnerability in vCenter Server's implementation of the DCERPC protocol. A malicious actor with network access to the server can trigger it to achieve remote code execution, which on vCenter amounts to compromise of the management plane for every host and virtual machine it controls.
CVE-2024-38813 is a privilege escalation vulnerability that allows an attacker with network access to the server to escalate privileges to root, giving them extensive control over the affected system.
Broadcom has not published details of how the vCenter vulnerabilities are being exploited in real-world attacks, but the potential impact underscores the importance of timely patching and of monitoring management interfaces for unexpected access. CISA has directed Federal Civilian Executive Branch (FCEB) agencies to remediate CVE-2024-1212 by December 9, 2024.
The news follows a separate alert from Sophos, which reported that cybercriminals are weaponizing a critical flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS score: 9.8) to deploy a previously undocumented ransomware strain known as Frag. Taken together, these cases show how quickly patched flaws in widely deployed infrastructure software are turned into working attacks, and why organizations need to track emerging vulnerabilities and apply fixes promptly.
