CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation


CISA this week warned organizations that it’s aware of attacks exploiting a vulnerability in Progress Software’s Kemp LoadMaster. 

The product, an application delivery controller (ADC) and load balancer, is affected by a critical vulnerability tracked as CVE-2024-1212, which CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. 

The flaw has been described as an unauthenticated command injection issue affecting the Kemp LoadMaster web-based administration interface. An attacker can exploit the vulnerability to fully compromise a targeted appliance. 

Progress announced a patch for the vulnerability on February 7.

The flaw was discovered by Rhino Security Labs, which disclosed technical details on March 19, when it also made available a PoC exploit and a Metasploit module. Another exploitation path was made public in early April by Tenable. 

CISA has not released any information on the attacks exploiting CVE-2024-1212 and there do not appear to be any recent reports describing exploitation. 

However, SonicWall published a blog post on March 27 noting that it had seen thousands of attempts to exploit the vulnerability in late March.

SonicWall initially said it had “confirmed active exploitation”, but later updated its post to clarify that it had actually only seen exploitation attempts, not successful attacks. 


It’s unclear if CISA has added CVE-2024-1212 to its KEV catalog based on the old SonicWall report or if it has more recent information.

CISA previously warned organizations about other Progress product vulnerabilities being exploited in attacks, including ones affecting WhatsUp Gold and Telerik.

Related: Citrix, Cisco, Fortinet Zero-Days Among 2023's Most Exploited Vulnerabilities

Related: DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

Related: Organizations Warned of Exploited Fortinet FortiOS Vulnerability
