Progress Kemp LoadMaster (load balancer) Firmware update

Sicherheit (Pexels, allgemeine Nutzung)[German]Quick note for administrators who use the load balancer LoadMaster from Progress Kemp. The provider has provided various firmware updates for its LoadMaster as of February 7, 2024. These should be installed immediately. Addendum: Information about CVE-2024-1212 in Progress Kemp LoadMaster added.


Progress Kemp offers the LoadMaster load balancer, which is designed to provide load balancing. In its simplest form, a load balancer offers the option of forwarding application users to the most powerful and accessible server.

Here is the link for the LoadMaster firmware release LTSF. Due to the updates – only accessible to customers – the product should have the following patch versions:

  • (GA)
  • (LTSF)
  • (LTS)
  • (NG Hardware)

I cannot disclose the details at the moment, as they are still confidential until February 21, 2024.

CVE-2024-1212 in Progress Kemp LoadMaster

Addendum: Progress Kemp was probably informed about a critical vulnerability CVE-2024-1212 for LoadMaster v7.2.48.1 and newer at the beginning of February 2024 and was able to confirm this. A list of vulnerabilities in LoadMaster with revision status February 21, 2024 can be found here.

According to the information I have received, unauthenticated, remote attackers who have access to LoadMaster's management interface have the ability to issue a carefully crafted API command that allows arbitrary system commands to be executed without authentication.


While it has always been LoadMaster's best practice to use a dedicated network interface as the management interface (hosting the UI and API) and restrict access to this interface to trusted personnel only, this may not be the case in all customer configurations.

To benefit from the latest security enhancements, customers must install the security patch for one of the Progress Kemp LoadMaster versions listed above.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *