Platform: other
Component: logsign-unified-secops-platform
Fixed in: 6.4.21
CVE-2024-7600 is a directory traversal vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary files on the system, potentially leading to system compromise or data loss. The vulnerability affects versions 6.4.20–6.4.20 and has been resolved in version 6.4.23.
The impact of CVE-2024-7600 is significant due to the ability to delete arbitrary files with root privileges. An attacker who can authenticate to the Logsign Unified SecOps Platform can exploit this vulnerability to delete critical system files, configuration files, or sensitive data stored on the server. This could lead to a complete system outage, data exfiltration, or even remote code execution if the attacker can leverage the file deletion to install malicious code. The requirement for authentication limits the immediate scope, but successful compromise of a user account would grant the attacker this dangerous capability.
CVE-2024-7600 was reported to ZDI as ZDI-CAN-25025. Public proof-of-concept code is currently unavailable, but the vulnerability's nature suggests a relatively straightforward exploitation path once a user account is compromised. The vulnerability was publicly disclosed on 2024-08-21. The EPSS score is pending evaluation, but the ability to delete arbitrary files as root indicates a potentially high-risk vulnerability.
Organizations heavily reliant on Logsign Unified SecOps Platform for security monitoring and incident response are particularly at risk. This includes organizations with limited security resources or those using older, unpatched installations of the platform. Shared hosting environments where multiple users share the same Logsign instance are also at increased risk, as a compromised user account could be leveraged to exploit this vulnerability.
• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/auth.log) for suspicious file deletion attempts, particularly those originating from external sources. Use auditd to track file access and modification events.
auditctl -w / -p wa -k logsign_file_deletion
• generic web: Examine access and error logs for unusual HTTP requests containing path traversal sequences (e.g., ../).
grep -iF 'path=../' /var/log/apache2/access.log
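An added example (not part of the original advisory and not Logsign code) of the access-log check described above: it percent-decodes each request target before matching, so encoded forms of ../ that a literal grep misses are flagged as well. The endpoint /example/endpoint, the user name and the log lines are constructed; only the path parameter name is taken from the grep pattern above.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." segment that starts after a separator or "=" and ends at a separator or end.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=])\.\.(?:[/\\]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is reduced to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(lines):
    """Return (line_number, method, status, decoded_target) for flagged requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        target = fully_decode(match.group("target"))
        if TRAVERSAL_RE.search(target):
            hits.append((number, match.group("method"),
                         int(match.group("status")), target))
    return hits


# Constructed sample log: documentation IP, hypothetical endpoint and user.
_PREFIX = '198.51.100.7 - alice [21/Aug/2024:10:00:0{n} +0000] '
SAMPLE_LOG = [
    _PREFIX.format(n=1) + '"GET /example/endpoint?path=ab/report.txt HTTP/1.1" 200 512',
    _PREFIX.format(n=2) + '"POST /example/endpoint?path=../../tmp/example HTTP/1.1" 200 17',
    _PREFIX.format(n=3) + '"POST /example/endpoint?path=%2e%2e%2ftmp%2fexample HTTP/1.1" 200 17',
    _PREFIX.format(n=4) + '"POST /example/endpoint?path=%252e%252e%252ftmp HTTP/1.1" 404 0',
    _PREFIX.format(n=5) + '"GET /example/endpoint?path=archive..2024/log.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, method, status, target in find_traversal(SAMPLE_LOG):
        print(f"line {number}: {method} {status} {target}")
```

Lines 1 and 5 of the sample are benign and stay unflagged; a flagged request that returned a success status is the one to correlate with the auditd records.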
EPSS: 3.63% (88th percentile)
The primary mitigation for CVE-2024-7600 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later, which contains the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to the HTTP API service on TCP port 443 to trusted networks only. Review user permissions and ensure that only authorized users have access to sensitive files. Monitor system logs for suspicious file deletion activity. After upgrading, confirm the fix by attempting to access restricted files via the HTTP API and verifying that access is denied.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. This update fixes the directory traversal vulnerability that allows arbitrary file deletion.
CVE-2024-7600 is a directory traversal vulnerability in Logsign Unified SecOps Platform that allows authenticated attackers to delete arbitrary files on the system.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
The recommended fix is to upgrade to Logsign Unified SecOps Platform version 6.4.23 or later. Implement stricter access controls as an interim measure.
While no active exploitation has been publicly confirmed, the vulnerability's potential impact suggests it could become a target. Monitor your systems closely.
Refer to the official Logsign security advisory for CVE-2024-7600 on the Logsign website.