TL;DR

Network-adjacent attackers can execute code on affected installations of Kemp LoadMaster if authentication is bypassed or compromised.

What happened

A vulnerability was discovered that allows remote code execution (RCE) via command injection in the listapikeys command.

Why it matters for ops

This critical flaw lets network-adjacent attackers gain control of affected systems, and the only requirement is authentication credentials.

Mitigation

  • Apply vendor-provided patches
  • Restrict API key access
  • Monitor for unusual activity

Action items

  • Update to latest software version
  • Enhance authentication mechanisms

Detection IOCs

  • listapikeys command misuse
  • unexpected outbound shell connections

Source link

http://www.zerodayinitiative.com/advisories/ZDI-26-053/