CVE-2024-3544

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kemptechnologies.com/	Product
https://kemptechnologies.com/	Product
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543	Product
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:progress:loadmaster:::::ltsf:::*
	cpe:2.3:a:progress:loadmaster:::::ga:::*
	cpe:2.3:a:progress:loadmaster:::::lts:::*

History

03 Feb 2025, 21:38

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Progress Progress loadmaster
CPE		cpe:2.3:a:progress:loadmaster:::::ga:::* cpe:2.3:a:progress:loadmaster:::::ltsf:::* cpe:2.3:a:progress:loadmaster:::::lts:::*
References	~~() https://kemptechnologies.com/ -~~	() https://kemptechnologies.com/ - Product
References	~~() https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 -~~	() https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 - Product
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

02 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-02 15:15

Updated : 2025-02-03 21:38

NVD link : CVE-2024-3544

Mitre link : CVE-2024-3544

JSON object : View

Products Affected

progress

loadmaster

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kemptechnologies.com/", "name": "https://kemptechnologies.com/", "tags": ["Product"], "refsource": ""}, {"url": "https://kemptechnologies.com/", "name": "https://kemptechnologies.com/", "tags": ["Product"], "refsource": ""}, {"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "name": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "tags": ["Product"], "refsource": ""}, {"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "name": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-3544", "ASSIGNER": "security@progress.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}}, "publishedDate": "2024-05-02T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.54.10", "versionStartIncluding": "7.2.49.0"}, {"cpe23Uri": "cpe:2.3:a:progress:loadmaster:*:*:*:*:ga:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.59.4", "versionStartIncluding": "7.2.55.0"}, {"cpe23Uri": "cpe:2.3:a:progress:loadmaster:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.2.48.11"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-03T21:38Z"}