Platform
other
Component
logsign-unified-secops-platform
Fixed in
6.4.21
CVE-2024-7601 is an Arbitrary File Access vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary files on affected systems, potentially leading to data loss or system compromise. The vulnerability impacts versions 6.4.20–6.4.20, and a patch is available in version 6.4.23.
The impact of CVE-2024-7601 is significant due to the ability of an attacker to delete arbitrary files with root privileges. Successful exploitation could lead to complete system compromise, data exfiltration, or denial of service. An attacker could delete critical configuration files, log data, or even the operating system itself. The requirement for authentication limits the immediate scope, but if an attacker gains valid credentials, the potential for damage is substantial. This vulnerability shares similarities with other file deletion vulnerabilities where insufficient input validation allows for traversal and unauthorized access.
CVE-2024-7601 was publicly disclosed on August 21, 2024. Its exploitation probability is currently assessed as medium, given the requirement for authentication and the relatively specific API endpoint targeted. No public proof-of-concept exploits have been observed at the time of writing, but the vulnerability's simplicity suggests that one may emerge. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Logsign Unified SecOps Platform for security monitoring and incident response are at significant risk. Specifically, deployments with weak access controls or those using default configurations are particularly vulnerable. Shared hosting environments where multiple users share the same Logsign instance also face increased risk.
• linux / server:
journalctl -u logsign | grep -i "data_export_delete_all"
• generic web:
curl -I "https://<logsign_ip>:443/api/data_export_delete_all?path=/etc/passwd" | grep -i "200 OK"
Exploit status
EPSS
1.36% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-7601 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. If an immediate upgrade is not possible, consider implementing temporary workarounds. While a direct WAF rule to prevent file deletion is difficult without specific knowledge of the API endpoint, restricting access to the data_export_delete_all API endpoint via network segmentation or access control lists can reduce the attack surface. Monitor system logs for suspicious file deletion activity, particularly targeting sensitive directories. After upgrading, confirm the fix by attempting to access the vulnerable API endpoint with a non-administrative user and verifying that file deletion is denied.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. This update fixes the arbitrary file deletion vulnerability by properly validating user-supplied paths.
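For the log monitoring recommended above, the following added example (not code from Logsign or from this advisory) scans web access-log lines for calls to data_export_delete_all whose path parameter resolves outside the export directory. The combined access-log format, the EXPORT_ROOT placeholder and the sample lines are assumptions; the endpoint and the path parameter name are taken from the commands on this page.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "data_export_delete_all"    # endpoint name as given on this page
EXPORT_ROOT = "/EXAMPLE/export_root"   # placeholder: real export directory is not stated here

# Assumption: common/combined access-log format, e.g. from a reverse proxy in front of the API.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def outside_root(raw_path, root=EXPORT_ROOT):
    """True when raw_path, resolved relative to root, does not stay under root."""
    # join() lets an absolute path replace root; normpath() collapses ../ segments.
    resolved = posixpath.normpath(posixpath.join(root, raw_path))
    return not (resolved == root or resolved.startswith(root + "/"))

def suspicious_requests(lines):
    """Return (client_ip, http_status, path) for endpoint calls that leave the export root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if ENDPOINT not in url.path:
            continue
        # parse_qs percent-decodes values, so %2F-encoded separators are normalised too.
        for value in parse_qs(url.query).get("path", []):
            if outside_root(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample lines (documentation IP range, not from a real Logsign system).
SAMPLE = [
    '198.51.100.7 - analyst [21/Aug/2024:10:02:11 +0000] '
    '"GET /api/data_export_delete_all?path=report-2024-08.csv HTTP/1.1" 200 17',
    '198.51.100.9 - analyst [21/Aug/2024:10:05:40 +0000] '
    '"GET /api/data_export_delete_all?path=/etc/passwd HTTP/1.1" 200 17',
    '198.51.100.9 - analyst [21/Aug/2024:10:05:52 +0000] '
    '"POST /api/data_export_delete_all?path=..%2F..%2Fetc%2Fhosts HTTP/1.1" 403 0',
    '198.51.100.7 - - [21/Aug/2024:10:06:01 +0000] "GET /api/status HTTP/1.1" 200 5',
]

if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE):
        print(f"ALERT {ip} status={status} path={path}")
```

A hit with a 2xx status warrants checking whether the named file still exists; parameters sent in a request body do not appear in access logs and need application-level logging instead.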
CVE-2024-7601 is a vulnerability allowing authenticated attackers to delete arbitrary files on Logsign Unified SecOps Platform servers, potentially leading to data loss or system compromise.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. Implement temporary workarounds like restricting API access and file access controls if an immediate upgrade is not possible.
There is no confirmed active exploitation of CVE-2024-7601 at this time, but the vulnerability's simplicity suggests potential for exploitation.
Refer to the Logsign security advisory for detailed information and updates regarding CVE-2024-7601: [https://www.logsign.com/security-advisory/](https://www.logsign.com/security-advisory/)