Platform: other
Component: logsign-unified-secops-platform
Fixed in: 6.4.21
CVE-2024-7603 is a directory traversal vulnerability discovered in Logsign Unified SecOps Platform. This flaw allows authenticated remote attackers to delete arbitrary directories on affected systems, potentially leading to significant data loss and system compromise. The vulnerability impacts versions 6.4.20–6.4.20 and has been resolved in version 6.4.23.
The impact of CVE-2024-7603 is severe due to the ability to delete arbitrary directories as the root user. A successful exploit could result in the complete destruction of critical system files, configuration data, and security logs. This could render the Logsign Unified SecOps Platform unusable and compromise the integrity of the entire security infrastructure it manages. The requirement for authentication limits the immediate attack surface but does not eliminate the risk, particularly in environments with compromised user accounts or weak password policies. The potential for data exfiltration is indirect, as the primary impact is data destruction, but the loss of logs could hinder forensic investigations following an incident.
CVE-2024-7603 was reported to ZDI and subsequently published on 2024-08-21. The vulnerability's exploitation probability is considered medium due to the authentication requirement, but the potential impact is high. No proof-of-concept (PoC) code has been publicly released as of this writing, but the relatively straightforward nature of directory traversal vulnerabilities suggests that a PoC could emerge. It is not currently listed in the CISA KEV catalog.
EPSS: 2.39% (85th percentile)
The primary mitigation for CVE-2024-7603 is to upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls to limit the number of authenticated users with administrative privileges. Implement a WAF with rules to block requests containing suspicious path traversal sequences (e.g., '../'). Regularly review and audit user permissions to ensure least privilege access. Monitor system logs for unusual file deletion activity, particularly targeting sensitive directories. After upgrading, confirm the fix by attempting a directory traversal attack via the HTTP API and verifying that access is denied.
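The WAF-rule and log-monitoring advice above, as an added Python example that is not Logsign's code or part of the original advisory: it flags requests whose target contains a `..` path segment, including URL-encoded and double-encoded forms that a literal `../` match misses. The access-log format, the `/api/example/...` paths and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# A ".." segment bounded by a path separator or query delimiter on each side.
TRAVERSAL = re.compile(r"(?:^|[\\/=&?])\.\.(?:$|[\\/&#])")
MAX_DECODE_ROUNDS = 3  # enough to unwrap double/triple encoding such as %252e

def has_traversal(value: str) -> bool:
    """True if value contains a '..' segment, checked after each URL-decode round."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if TRAVERSAL.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            break
        value = decoded
    return False

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def flag_lines(lines):
    """Return (line_number, target) for each request whose target shows traversal."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((n, m.group("target")))
    return hits

# Constructed sample lines; users, IPs and /api/example/... paths are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - alice [21/Aug/2024:10:00:01 +0000] "GET /api/example/list?dir=reports HTTP/1.1" 200 512',
    '10.0.0.9 - bob [21/Aug/2024:10:00:07 +0000] "POST /api/example/remove?dir=../../etc HTTP/1.1" 200 17',
    '10.0.0.9 - bob [21/Aug/2024:10:00:09 +0000] "POST /api/example/remove?dir=%2e%2e%2fvar HTTP/1.1" 200 17',
    '10.0.0.9 - bob [21/Aug/2024:10:00:12 +0000] "POST /api/example/remove?dir=%252e%252e%255cdata HTTP/1.1" 200 17',
    '10.0.0.7 - carol [21/Aug/2024:10:00:15 +0000] "GET /api/example/file?name=notes..txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, target in flag_lines(SAMPLE_LOG):
        print(f"line {n}: {target}")
```

A 200 response on a flagged line is the case to escalate, since it means the request was accepted rather than rejected by path validation.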
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. This update fixes the arbitrary directory deletion vulnerability by properly validating user-supplied paths.
CVE-2024-7603 is a vulnerability allowing authenticated attackers to delete arbitrary directories on Logsign Unified SecOps Platform, potentially leading to data loss and system compromise.
You are affected if you are running Logsign Unified SecOps Platform versions 6.4.20–6.4.20. Upgrade to 6.4.23 or later to mitigate the risk.
Upgrade Logsign Unified SecOps Platform to version 6.4.23 or later. Implement stricter access controls and monitor system logs for suspicious activity as interim measures.
There is no confirmed active exploitation of CVE-2024-7603 at this time, but the vulnerability's nature suggests a potential for exploitation.
Refer to the Logsign security advisory for CVE-2024-7603 on the Logsign website or through their security notification channels.