
ECS Connection Manager Security Vulnerability CVE-2024-6658

This article describes an ECS Connection Manager (ECS CM) security vulnerability that affects all ECS CM releases. Please see CVE-2024-6658 for the official description.

We have not received any reports that this vulnerability has been exploited and we are not aware of any direct impact to customers. Nevertheless, we encourage all customers to upgrade their ECS CM implementations as soon as possible to harden their environment. Make sure you are subscribed to announcement notifications via the Support Portal to receive timely notice of important product updates.

This notification provides a brief description of the vulnerability and the related enhancements made in the affected releases.

Fix for CVE-2024-6658

It is possible for an authenticated, remote attacker who has access to the ECS CM management interface and valid ECS CM credentials to issue a carefully crafted HTTP request that causes arbitrary system commands to be executed (OS command injection). The vulnerability has been closed by sanitizing user-supplied request input so that it can no longer be used to execute arbitrary system commands.
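The fix described above, rejecting request input that could reach a system shell, is illustrated by the following added example. It is hypothetical illustration code written for this article and is not ECS CM's implementation: the `host` parameter, the `ping` command and the allow-list are assumptions chosen to show the vulnerable pattern next to a hardened one. The sample inputs are constructed.

```python
"""OS command injection: a request parameter spliced into a shell string,
and the hardened form that validates the value and avoids the shell.

Hypothetical example code, not ECS CM's implementation; the parameter
name, the ping command and the allow-list are assumptions."""
import re
import shlex
import subprocess

# Constructed sample inputs, as a management-interface request parameter might carry them.
BENIGN_HOST = "example.com"
HOSTILE_HOST = "example.com; id"

# Allow-list for a hostname or IPv4 literal: letters, digits, dot and hyphen,
# no leading/trailing separator, bounded length. Everything else is rejected.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_unsafe_command(host: str) -> str:
    """Vulnerable pattern: the raw parameter is interpolated into a string that
    is later handed to a shell (subprocess.run(..., shell=True) or os.system).
    Shell metacharacters in it (; | & and friends) become additional commands."""
    return f"ping -c 1 {host}"


def shell_commands_in(cmd: str) -> int:
    """Count how many commands /bin/sh would see in cmd, by splitting the way a
    POSIX shell does and counting ; | & && || separators outside quotes.
    Demonstration aid only; it does not model $(...) or backtick substitution."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    separators = {";", "|", "&", "&&", "||"}
    return 1 + sum(1 for token in lexer if token in separators)


def validate_host(host: str) -> bool:
    """Allow-list validation: accept only what a hostname can legitimately contain."""
    return _HOST_RE.fullmatch(host) is not None


def build_safe_argv(host: str) -> list[str]:
    """Hardened pattern: reject anything outside the allow-list, then pass the
    value as a single argv element. With shell=False no shell ever parses it,
    so even a metacharacter that slipped through would be a literal argument."""
    if not validate_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe(host: str) -> subprocess.CompletedProcess:
    """Execute the validated argv without a shell (not called by the demo below,
    since it would actually send a ping)."""
    return subprocess.run(build_safe_argv(host), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    for host in (BENIGN_HOST, HOSTILE_HOST):
        cmd = build_unsafe_command(host)
        print(f"unsafe string {cmd!r} -> {shell_commands_in(cmd)} shell command(s)")
        try:
            print("safe argv:", build_safe_argv(host))
        except ValueError as exc:
            print("safe path:", exc)
```

Two independent controls are at work: the allow-list rejects the hostile value before any command is built, and the argv form removes the shell from the path entirely, so a validation gap cannot by itself turn into command execution.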

Update Details

To benefit from this security enhancement, customers should update to the Progress ECS CM release listed below as soon as possible:

Product | Affected Versions                  | Patched Versions                      | Release Date
ECS CM  | 7.2.60.0 and all prior releases    | 7.2.60.1 (GA); XML validation file    | 12 Sep 2024

For more information on how to apply the security patch above, refer to the Progress Knowledge Base article on how to upgrade.

We strongly recommend that customers follow our security hardening guidelines. If you have any questions, concerns or problems related to this issue, please log in to open a new Technical Support case in our customer community for assistance. Technical Support is available to all ECS CM customers under a current support contract.

