Platform: other
Component: logsign-unified-secops-platform
Fixed in: 6.4.21
CVE-2024-7601 is an Arbitrary File Access vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary files on affected systems, potentially leading to data loss or system compromise. The vulnerability impacts versions 6.4.20–6.4.20, and a patch is available in version 6.4.23.
The primary impact of CVE-2024-7601 is the ability for an authenticated attacker to delete arbitrary files on the Logsign Unified SecOps Platform server. Given that the vulnerability allows deletion as the root user, the potential damage is significant. Attackers could delete critical configuration files, log data, or even system binaries, effectively rendering the platform unusable or causing a denial-of-service. The blast radius extends to any data stored and managed by the platform, and the ability to operate as root grants the attacker extensive privileges within the system's file system. This vulnerability shares similarities with other file deletion vulnerabilities where insufficient input validation leads to unauthorized access and modification of system resources.
CVE-2024-7601 was publicly disclosed on August 21, 2024. The vulnerability's exploitation probability is currently assessed as medium due to the requirement for authentication. No public proof-of-concept (PoC) code has been released at the time of writing, but the relatively straightforward nature of the vulnerability suggests that a PoC could emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 1.36% (80th percentile)
The primary mitigation for CVE-2024-7601 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing temporary workarounds. Restrict access to the HTTP API service (default TCP port 443) to only trusted networks and users. Implement strict file access controls within the platform to limit the root user's privileges. Monitor system logs for suspicious file deletion activity. While a WAF might not directly prevent the vulnerability, it could be configured to detect and block requests containing potentially malicious file paths. After upgrading, confirm the fix by attempting to access and delete a test file via the API and verifying that access is denied.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. This update fixes the arbitrary file deletion vulnerability through proper validation of user-supplied paths.
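The kind of path validation described above can be sketched as follows. This is an added example, not Logsign's code or its patch: the function names, the `reports` directory and the sample inputs are all hypothetical and constructed for illustration.

```python
import os
import tempfile

class PathRejected(Exception):
    """Raised when a requested path resolves outside the permitted directory."""

def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the canonical path for user_path, or raise if it escapes base_dir."""
    if "\x00" in user_path:
        raise PathRejected("NUL byte in path")
    base = os.path.realpath(base_dir)
    # Join, then canonicalise: realpath collapses ".." and follows symlinks,
    # so the comparison below sees the file that would really be removed.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath avoids the prefix bug where /data/reports-old would pass
    # a startswith("/data/reports") check.
    if target == base or os.path.commonpath([base, target]) != base:
        raise PathRejected(f"{user_path!r} resolves outside {base}")
    return target

def delete_user_file(base_dir: str, user_path: str) -> bool:
    """Delete a regular file under base_dir; return False if it does not exist."""
    target = resolve_inside(base_dir, user_path)
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True

def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "reports")           # hypothetical deletable area
        os.makedirs(base)
        outside = os.path.join(root, "settings.conf")  # must survive every request
        for p in (outside, os.path.join(base, "old.pdf")):
            open(p, "w").close()
        os.symlink(outside, os.path.join(base, "link"))
        # Constructed inputs: one legitimate name, then relative, absolute,
        # symlink and empty-string attempts to reach outside the base.
        for name in ("old.pdf", "../settings.conf", outside, "link", ""):
            try:
                results[name] = delete_user_file(base, name)
            except PathRejected:
                results[name] = "rejected"
        results["outside_intact"] = os.path.exists(outside)
    return results
```

The check and the removal are separate steps, so the base directory must not be writable by untrusted users. Running the deleting service as a non-root account limits what any bypass could remove.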
CVE-2024-7601 is a vulnerability allowing authenticated attackers to delete arbitrary files on Logsign Unified SecOps Platform servers, potentially leading to data loss or system compromise.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. Implement temporary workarounds like restricting API access and file access controls if an immediate upgrade is not possible.
There is no confirmed active exploitation of CVE-2024-7601 at this time, but the vulnerability's simplicity suggests potential for exploitation.
Refer to the Logsign security advisory for detailed information and updates regarding CVE-2024-7601: [https://www.logsign.com/security-advisory/](https://www.logsign.com/security-advisory/)