Platform
other
Component
logsign-unified-secops-platform
Fixed in
6.4.21
CVE-2024-7603 is a directory traversal vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary directories on affected systems, potentially leading to significant data loss and system compromise. The vulnerability impacts versions 6.4.20–6.4.20 and has been resolved in version 6.4.23.
The impact of CVE-2024-7603 is severe due to the ability to delete arbitrary directories as the root user. A successful exploit could result in complete data loss, disruption of security operations, and potential compromise of the entire Logsign Unified SecOps Platform instance. Attackers could target critical configuration files, log data, or even core system files, rendering the platform unusable or allowing for further malicious activity. The requirement for authentication limits the immediate scope, but if an attacker gains valid credentials, the potential for damage is substantial.
CVE-2024-7603 was disclosed on August 21, 2024, and reported by ZDI. The vulnerability requires authentication, which may limit immediate exploitation. Public proof-of-concept code is currently unavailable, but the relatively straightforward nature of directory traversal vulnerabilities suggests that a PoC could emerge. The CVSS score of 7.1 (HIGH) indicates a significant risk, and organizations should prioritize remediation.
Organizations heavily reliant on Logsign Unified SecOps Platform for security monitoring and incident response are at significant risk. Specifically, deployments with weak authentication practices, shared hosting environments where multiple users have access to the platform, and legacy configurations with outdated security policies are particularly vulnerable.
• linux / server:
journalctl -u logsign -g "directory deletion"
• generic web:
curl -I 'https://<logsign_ip>/../../../../etc/passwd' # Attempt directory traversal
• generic web:
grep -r 'directory deletion' /var/log/apache2/access.log /var/log/apache2/error.log # Check for suspicious requests in logs
Exploit status
EPSS
2.39% (85th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-7603 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter access controls to limit the number of users with administrative privileges. Review and audit user accounts to identify and disable any unnecessary or suspicious accounts. Implement a Web Application Firewall (WAF) with rules to block requests containing suspicious path traversal patterns. Monitor system logs for any unusual file deletion activity.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. This update fixes the arbitrary directory deletion vulnerability through proper validation of user-supplied paths.
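The kind of path validation the fix description refers to can be sketched as a containment check performed before any directory is deleted. This is an added example, not Logsign's code: the function names, the `exports` base directory and the sample requests are all hypothetical and constructed for illustration.

```python
import os
import shutil
import tempfile


class UnsafePathError(ValueError):
    """Raised when a requested path would escape the allowed base directory."""


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path under base_dir, or raise UnsafePathError."""
    base = os.path.realpath(base_dir)
    # Join, then resolve: realpath collapses ".." and follows symlinks, so the
    # comparison below sees the location that would actually be deleted.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath avoids the prefix bug where /data/app-old "starts with" /data/app.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePathError(f"path escapes base directory: {user_path!r}")
    if target == base:
        raise UnsafePathError("refusing to delete the base directory itself")
    return target


def delete_directory(base_dir: str, user_path: str) -> str:
    """Delete a directory only after the containment check passes."""
    target = resolve_inside(base_dir, user_path)
    if not os.path.isdir(target):
        raise UnsafePathError(f"not a directory: {user_path!r}")
    shutil.rmtree(target)
    return target


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "exports")          # hypothetical allowed area
        os.makedirs(os.path.join(base, "report-1"))
        os.makedirs(os.path.join(root, "config"))     # must survive every request
        os.symlink(os.path.join(root, "config"), os.path.join(base, "link"))
        for req in ["report-1", "../config", "/etc", "link", "."]:
            try:
                delete_directory(base, req)
                results[req] = "deleted"
            except UnsafePathError:
                results[req] = "rejected"
        results["config_survived"] = os.path.isdir(os.path.join(root, "config"))
    return results
```

Calling `demo()` shows that only `report-1` is removed; the relative traversal, the absolute path, the symlink pointing outside the base, and the base directory itself are all rejected.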
CVE-2024-7603 is a vulnerability allowing authenticated attackers to delete arbitrary directories on Logsign Unified SecOps Platform, potentially leading to data loss and system compromise.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. Implement stricter access controls and monitor system logs for suspicious activity as interim measures.
There is no confirmed active exploitation of CVE-2024-7603 at this time, but the vulnerability's nature suggests a potential for exploitation.
Refer to the Logsign security advisory for CVE-2024-7603 on the Logsign website or through their security notification channels.