CVE-2024-7591 for KEMP Free?

Hi,

does anyone know whats with KEMP Free and CVE-2024-7591?
It is not allowed to install an Add-On on KEMP Free. I just installed the current KEMP Free. The Add-On is not included in the Add-On list.

In the documentation of KEMP Free is written:
"Free LoadMaster is a maintained product that uses the same code base as the commercial releases of LoadMaster, and the Free Load Balancer gets the same features, enhancements, and fixes that roll out to all other LoadMaster releases."

So I would assume that the fix is implemented. Does anyone have more information?

 

0

1 comment

Avatar

Akshit Bhambota

Hey Hans,
Thanks for contacting Loadmaster Support.

Technically, Free LM doesn't come with Firmware updates, if you deploy a FreeLM with 7.2.60 for example, you can't update to 7.2.60.1 this is how we have written the code.

But, for CVE-2024-7591 we want all our users as a part of Good Gesture to get the update, even if their support is expired. So we created an Addon Package instead of a Firmware Update.

So, users with FreeLM can also have a fix from CVE-2024-7591 and instead of redeploying, they can simply add the addon package. It will give a warning you can't update the firmware, but this is an addon file so you can ignore the warning and perform an addon instead. All the steps and addon file links are given below.

You can download the addon file from here: https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591

Before installing Addon, make sure the Update Verification Options are set to "No Verification File" or "Optional."

Invalid Verification File: https://support.kemptechnologies.com/hc/en-us/articles/7003314661645-Invalid-Verification-File

How to add an addon on Loadmaster: https://support.kemptechnologies.com/hc/en-us/articles/8503604808973-How-to-add-an-addon-on-Loadmaster

Let us know if you need more assistance on CVE-2024-7591.

Regards,
Akshit Bhambota
Technical Support Engineer II
Progress | KEMP

 

 

 

 

 

0

Please to leave a comment.

Didn't find what you were looking for?