CVE-2024-3544
📋 TL;DR
Unauthenticated attackers on the same network can use SSH private keys to perform actions on LoadMaster HA/Cluster machines by knowing their IP addresses. This affects Kemp LoadMaster products with High Availability or Cluster configurations. The vulnerability allows unauthorized access to partner communications.
💻 Affected Systems
- Kemp LoadMaster
📦 What is this software?
Loadmaster by Progress
Loadmaster by Progress
Loadmaster by Progress
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of LoadMaster cluster nodes leading to service disruption, data exposure, or lateral movement within the network.
Likely Case
Unauthorized access to partner communications allowing configuration changes, service disruption, or information disclosure.
If Mitigated
Limited impact due to network segmentation and proper access controls restricting attacker access to partner communication networks.
🎯 Exploit Status
Exploitation requires network access to partner communication channels and knowledge of target IP addresses. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Consult Kemp support for specific patched versions
Vendor Advisory: https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543
Restart Required: Yes
Instructions:
1. Access Kemp support portal for patched firmware. 2. Backup current configuration. 3. Apply firmware update. 4. Restart LoadMaster services. 5. Verify partner communications now require shared secret.
🔧 Temporary Workarounds
Network Segmentation
allIsolate LoadMaster partner communication networks from general network access
Access Control Lists
allImplement strict ACLs to restrict access to LoadMaster HA/Cluster communication ports
🧯 If You Can't Patch
- Implement strict network segmentation to isolate LoadMaster partner communications
- Monitor network traffic to/from LoadMaster HA/Cluster IP addresses for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check if LoadMaster HA/Cluster is configured and verify if partner communications use shared secret authenticationCheck Version:
Login to LoadMaster web interface and check System > System Administration > System Information for firmware versionVerify Fix Applied:
Verify that partner communications now require a pre-shared secret and test that unauthenticated access is blocked📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to LoadMaster partner communication ports
- Configuration changes without proper authentication logs
Network Indicators:
- Unencrypted or unauthenticated traffic between LoadMaster cluster nodes
- Unexpected SSH key usage in partner communications
SIEM Query:
source_ip IN (LoadMaster_IPs) AND (port IN (partner_ports) AND auth_result="failure")🔗 References
- https://kemptechnologies.com/
- https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543
- https://kemptechnologies.com/
- https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543
