FKIE_CVE-2024-48952

Vulnerability from fkie_nvd - Published: 2024-11-07 17:15 - Updated: 2025-04-30 16:36
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Summary
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.
References
cve@mitre.orghttps://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/Release Notes
cve@mitre.orghttps://servicedesk.logpoint.com/hc/en-us/articles/21968950913693-Static-JWT-Key-enables-unauthorized-API-accessVendor Advisory
cve@mitre.orghttps://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-SecurityProduct
Impacted products
Vendor Product Version
logpoint soar *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:logpoint:soar:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "325321CB-578C-44E0-B787-210375D08F41",
              "versionEndExcluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Logpoint antes de la versi\u00f3n 7.5.0. SOAR usa una clave secreta JWT est\u00e1tica para generar tokens que permiten el acceso a los endpoints de la API de SOAR sin autenticaci\u00f3n. Esta vulnerabilidad de clave est\u00e1tica permite a los atacantes crear claves secretas JWT personalizadas para el acceso no autorizado a estos endpoints."
    }
  ],
  "id": "CVE-2024-48952",
  "lastModified": "2025-04-30T16:36:09.680",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-07T17:15:08.510",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/21968950913693-Static-JWT-Key-enables-unauthorized-API-access"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.