All the vulnerabilites related to Logsign - Unified SecOps Platform
cve-2024-5718
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-618/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:12.833-05:00",
"datePublic": "2024-06-12T12:03:35.103-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:30.722Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-618",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-618/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5718",
"datePublished": "2024-11-22T20:05:30.722Z",
"dateReserved": "2024-06-06T23:09:12.804Z",
"dateUpdated": "2024-11-22T20:05:30.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5717
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-617/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:06.722-05:00",
"datePublic": "2024-06-12T12:03:21.192-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24165."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:29.751Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-617",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-617/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5717",
"datePublished": "2024-11-22T20:05:29.751Z",
"dateReserved": "2024-06-06T23:09:06.694Z",
"dateUpdated": "2024-11-22T20:05:29.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7564
Vulnerability from cvelistv5
Published
2024-08-06 15:47
Modified
2024-08-07 13:34
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1021/ | x_research-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T13:33:35.480677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T13:34:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.11"
}
]
}
],
"dateAssigned": "2024-08-06T10:47:33.834-05:00",
"datePublic": "2024-07-30T14:22:06.070-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:47:49.467Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1021",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1021/"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7564",
"datePublished": "2024-08-06T15:47:49.467Z",
"dateReserved": "2024-08-06T15:47:33.796Z",
"dateUpdated": "2024-08-07T13:34:22.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5716
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Authentication Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-616/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:01.521-05:00",
"datePublic": "2024-06-12T12:03:08.280-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user\u0027s password and bypass authentication on the system. Was ZDI-CAN-24164."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:28.736Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-616",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-616/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5716",
"datePublished": "2024-11-22T20:05:28.736Z",
"dateReserved": "2024-06-06T23:09:01.491Z",
"dateUpdated": "2024-11-22T20:05:28.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5719
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-619/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:19.308-05:00",
"datePublic": "2024-06-12T12:03:47.619-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24167."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:31.663Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-619",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-619/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5719",
"datePublished": "2024-11-22T20:05:31.663Z",
"dateReserved": "2024-06-06T23:09:19.279Z",
"dateUpdated": "2024-11-22T20:05:31.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5720
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-613/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:25.084-05:00",
"datePublic": "2024-06-12T12:02:11.662-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24168."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:32.588Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-613",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-613/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5720",
"datePublished": "2024-11-22T20:05:32.588Z",
"dateReserved": "2024-06-06T23:09:25.043Z",
"dateUpdated": "2024-11-22T20:05:32.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7602
Vulnerability from cvelistv5
Published
2024-08-21 16:06
Modified
2024-08-21 19:58
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1102/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:58:02.979567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T19:58:11.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.20"
}
]
}
],
"dateAssigned": "2024-08-07T19:16:51.555-05:00",
"datePublic": "2024-08-08T14:44:07.350-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25027."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:06:09.754Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1102",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1102/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7602",
"datePublished": "2024-08-21T16:06:09.754Z",
"dateReserved": "2024-08-08T00:16:51.521Z",
"dateUpdated": "2024-08-21T19:58:11.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9257
Vulnerability from cvelistv5
Published
2024-11-22 21:02
Modified
2024-11-23 01:26
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1295/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T01:19:41.107071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T01:26:27.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.24"
}
]
}
],
"dateAssigned": "2024-09-26T14:39:04.115-05:00",
"datePublic": "2024-09-26T16:23:20.994-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:02:48.622Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1295",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1295/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9257",
"datePublished": "2024-11-22T21:02:48.622Z",
"dateReserved": "2024-09-26T19:39:04.085Z",
"dateUpdated": "2024-11-23T01:26:27.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7600
Vulnerability from cvelistv5
Published
2024-08-21 16:06
Modified
2024-08-21 20:09
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1103/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T20:09:34.171781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:09:41.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.20"
}
]
}
],
"dateAssigned": "2024-08-07T19:16:36.429-05:00",
"datePublic": "2024-08-08T14:44:22.132-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25025."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:06:01.959Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1103",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1103/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7600",
"datePublished": "2024-08-21T16:06:01.959Z",
"dateReserved": "2024-08-08T00:16:36.390Z",
"dateUpdated": "2024-08-21T20:09:41.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5721
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-615/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:31.111-05:00",
"datePublic": "2024-06-12T12:02:59.143-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:33.642Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-615",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-615/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5721",
"datePublished": "2024-11-22T20:05:33.642Z",
"dateReserved": "2024-06-06T23:09:31.083Z",
"dateUpdated": "2024-11-22T20:05:33.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7603
Vulnerability from cvelistv5
Published
2024-08-21 16:06
Modified
2024-08-21 19:57
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1105/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:56:52.474761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T19:57:02.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.20"
}
]
}
],
"dateAssigned": "2024-08-07T19:16:56.066-05:00",
"datePublic": "2024-08-08T14:44:43.989-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:06:13.270Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1105",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1105/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7603",
"datePublished": "2024-08-21T16:06:13.270Z",
"dateReserved": "2024-08-08T00:16:56.033Z",
"dateUpdated": "2024-08-21T19:57:02.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7601
Vulnerability from cvelistv5
Published
2024-08-21 16:06
Modified
2024-08-21 20:08
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1106/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T20:08:46.251042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T20:08:55.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.20"
}
]
}
],
"dateAssigned": "2024-08-07T19:16:45.572-05:00",
"datePublic": "2024-08-08T14:44:53.524-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25026."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:06:06.261Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1106",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1106/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7601",
"datePublished": "2024-08-21T16:06:06.261Z",
"dateReserved": "2024-08-08T00:16:45.531Z",
"dateUpdated": "2024-08-21T20:08:55.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7604
Vulnerability from cvelistv5
Published
2024-08-21 16:06
Modified
2024-08-21 19:55
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1104/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:55:20.450765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T19:55:29.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.20"
}
]
}
],
"dateAssigned": "2024-08-07T19:17:05.089-05:00",
"datePublic": "2024-08-08T14:44:34.307-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the user\u0027s license expiration date. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25029."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:06:17.339Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1104",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1104/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Smile Thanapattheerakul of Trend Micro"
},
"title": "Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7604",
"datePublished": "2024-08-21T16:06:17.339Z",
"dateReserved": "2024-08-08T00:17:05.055Z",
"dateUpdated": "2024-08-21T19:55:29.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5722
Vulnerability from cvelistv5
Published
2024-11-22 20:05
Modified
2024-11-22 20:05
Severity ?
EPSS score ?
Summary
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-614/ | x_research-advisory | |
| https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Logsign | Unified SecOps Platform |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Unified SecOps Platform",
"vendor": "Logsign",
"versions": [
{
"status": "affected",
"version": "6.4.6"
}
]
}
],
"dateAssigned": "2024-06-06T18:09:37.235-05:00",
"datePublic": "2024-06-12T12:02:22.509-05:00",
"descriptions": [
{
"lang": "en",
"value": "Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:34.629Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-614",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-614/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes"
}
],
"source": {
"lang": "en",
"value": "Mehmet INCE (@mdisec) from PRODAFT.com"
},
"title": "Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5722",
"datePublished": "2024-11-22T20:05:34.629Z",
"dateReserved": "2024-06-06T23:09:37.208Z",
"dateUpdated": "2024-11-22T20:05:34.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}