Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

ECS Connection Manager Security Vulnerability CVE-2024-1212

This article describes a security vulnerability that affects all standalone ECS Connection Manager (ECS CM) releases. Please see CVE-2024-1212 for the official description. 

The issue: it is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication. This is therefore regarded as a critical security issue. To close the security vulnerability, you must patch your system to the latest ECS CM update (

You can download the patch using this link or from the ECS CM Firmware Download Page.

For more information on how to apply the patch, refer to the Progress Knowledge Base Article on how to upgrade. Any customers that cannot upgrade and so must back up their current configuration, redeploy a new version that isn’t vulnerable, and then apply the backup to the redeployed system.  

In line with this announcement, we have updated our password policy. Please read the guidelines and reset your password. We are also strongly recommending that customers follow our security hardening guidelines.  

If you have any questions, concerns, or problems related to this issue, please log in to open a new Technical Support case in our customer community for assistance. Technical Support is available to all LoadMaster customers that are currently under a current support contract. For ECS ECM customers that have expired or lapsed maintenance, you can open a support ticket and request a support extension through the end of March 2024 to allow time to patch your LoadMaster(s).

Progress would like to thank Rhino Security Labs for notifying us of this issue as well as following responsible disclosure guidelines throughout this process. 

Was this article helpful?
0 out of 0 found this helpful