Hi,
does anyone know whats with KEMP Free and CVE-2024-7591?
It is not allowed to install an Add-On on KEMP Free. I just installed the current KEMP Free. The Add-On is not included in the Add-On list.
In the documentation of KEMP Free is written:
"Free LoadMaster is a maintained product that uses the same code base as the commercial releases of LoadMaster, and the Free Load Balancer gets the same features, enhancements, and fixes that roll out to all other LoadMaster releases."
So I would assume that the fix is implemented. Does anyone have more information?
Akshit Bhambota
Hey Hans,
Thanks for contacting Loadmaster Support.
Technically, Free LM doesn't come with Firmware updates, if you deploy a FreeLM with 7.2.60 for example, you can't update to 7.2.60.1 this is how we have written the code.
But, for CVE-2024-7591 we want all our users as a part of Good Gesture to get the update, even if their support is expired. So we created an Addon Package instead of a Firmware Update.
So, users with FreeLM can also have a fix from CVE-2024-7591 and instead of redeploying, they can simply add the addon package. It will give a warning you can't update the firmware, but this is an addon file so you can ignore the warning and perform an addon instead. All the steps and addon file links are given below.
You can download the addon file from here: https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
Before installing Addon, make sure the Update Verification Options are set to "No Verification File" or "Optional."
Invalid Verification File: https://support.kemptechnologies.com/hc/en-us/articles/7003314661645-Invalid-Verification-File
How to add an addon on Loadmaster: https://support.kemptechnologies.com/hc/en-us/articles/8503604808973-How-to-add-an-addon-on-Loadmaster
Let us know if you need more assistance on CVE-2024-7591.
Regards,
Akshit Bhambota
Technical Support Engineer II
Progress | KEMP