Platform
other
Component
logsign-unified-secops-platform
Fixed in
6.4.21
CVE-2024-7600 is a directory traversal vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary files on the system, potentially leading to system compromise or data loss. The vulnerability affects versions 6.4.20–6.4.20 and has been resolved in version 6.4.23.
The impact of CVE-2024-7600 is significant due to the ability to delete arbitrary files as the root user. A successful exploit could allow an attacker to completely compromise the Logsign Unified SecOps Platform instance, potentially leading to data exfiltration, system disruption, or even complete system takeover. The ability to delete critical configuration files could render the platform unusable, impacting security monitoring and incident response capabilities. The requirement for authentication limits the immediate attack surface, but if an attacker gains valid credentials, the potential for damage is substantial.
CVE-2024-7600 was disclosed on August 21, 2024. Public proof-of-concept code is currently unavailable, but the vulnerability's nature and potential impact suggest it could become a target for exploitation. The vulnerability is tracked by ZDI-CAN-25025. Its severity is being evaluated by CISA and may be added to the KEV catalog depending on observed exploitation activity.
Exploit Status
EPSS
3.63% (88% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-7600 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. If an immediate upgrade is not possible, consider implementing stricter access controls to limit the number of users with administrative privileges. Review and audit user accounts to identify and disable any unnecessary or suspicious accounts. Implement a Web Application Firewall (WAF) with rules to block attempts to manipulate file paths. Monitor system logs for suspicious file deletion activity. After upgrading, confirm the fix by attempting to access a restricted file via the HTTP API and verifying that access is denied.
Actualice Logsign Unified SecOps Platform a la versión 6.4.23 o posterior. Esta actualización corrige la vulnerabilidad de recorrido de directorios que permite la eliminación arbitraria de archivos.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-7600 is a directory traversal vulnerability in Logsign Unified SecOps Platform that allows authenticated attackers to delete arbitrary files on the system.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
The recommended fix is to upgrade to Logsign Unified SecOps Platform version 6.4.23 or later. Implement stricter access controls as an interim measure.
While no active exploitation has been publicly confirmed, the vulnerability's potential impact suggests it could become a target. Monitor your systems closely.
Refer to the official Logsign security advisory for CVE-2024-7600 on the Logsign website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.