CVE-2024-2449

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 22, 2024

CWE ID 287

CWE ID 284

Summary

CVE-2024-2449 is a cross-site request forgery (CSRF) vulnerability affecting LoadMaster. Malicious actors with prior knowledge of a LoadMaster's IP or hostname can exploit this flaw by directing authenticated administrators to a malicious site. Upon visiting the site, the administrator's LoadMaster would execute HTTP transactions under the attacker's control, potentially leading to unintended actions or data manipulation. This vulnerability could result in serious security implications for LoadMaster users. It is crucial for administrators to apply necessary patches or upgrades to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uRoGED
https://www.cve.org/CVERecord?id=CVE-2024-2449
https://nvd.nist.gov/vuln/detail/CVE-2024-2449

Back to Vulnerability Database

CVE-2024-2449

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations