CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://kemptechnologies.com/	Product
https://kemptechnologies.com/	Product
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543	Product
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:progress:loadmaster:::::ltsf:::*
	cpe:2.3:a:progress:loadmaster:::::ga:::*
	cpe:2.3:a:progress:loadmaster:7.2.48.11::::lts:::

History

10 Feb 2025, 15:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:progress:loadmaster:::::ga:::* cpe:2.3:a:progress:loadmaster:7.2.48.11::::lts::: cpe:2.3:a:progress:loadmaster:::::ltsf:::*
References	~~() https://kemptechnologies.com/ -~~	() https://kemptechnologies.com/ - Product
References	~~() https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 -~~	() https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 - Product
CWE		CWE-522
First Time		Progress Progress loadmaster
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

02 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-02 14:15

Updated : 2025-02-10 15:16

NVD link : CVE-2024-3543

Mitre link : CVE-2024-3543

JSON object : View

Products Affected

progress

loadmaster

CWE

CWE-522

Insufficiently Protected Credentials

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kemptechnologies.com/", "name": "https://kemptechnologies.com/", "tags": ["Product"], "refsource": ""}, {"url": "https://kemptechnologies.com/", "name": "https://kemptechnologies.com/", "tags": ["Product"], "refsource": ""}, {"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "name": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "tags": ["Product"], "refsource": ""}, {"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "name": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-522"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-3543", "ASSIGNER": "security@progress.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-05-02T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.54.10", "versionStartIncluding": "7.2.49.0"}, {"cpe23Uri": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ga:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.59.4", "versionStartIncluding": "7.2.55.0"}, {"cpe23Uri": "cpe:2.3:a:progress:loadmaster:7.2.48.11:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-10T15:16Z"}