A Critical Bug in Kemp LoadMaster Is Already Under Attack
A critical vulnerability in Progress Kemp LoadMaster, rated 9.6 on the CVSS scale, allows an attacker to inject operating system commands into the load balancer, potentially leading to full arbitrary code execution on the device.
Why it is serious
Load balancers sit at the front door of a network, routing traffic to the servers behind them. A compromised LoadMaster appliance does not just expose itself; it can become a launchpad for attacks against everything it is supposed to be protecting. Security researchers have already observed exploitation attempts in the wild, so this is not a theoretical risk sitting in a lab report.
What to do
If your organisation runs Kemp LoadMaster appliances, check Progress's advisory for the patched version and apply it as soon as possible. In the meantime, restrict management interface access to trusted networks only, rather than leaving it reachable from the wider internet.