CVE-2024-48952

Missing Authentication for Critical Function (CWE-306)

Published: Nov 7, 2024 / Updated: 12d ago

CVSS 6.4 / EPSS 0.05% / Severity: Medium

Summary

An issue was discovered in Logpoint before version 7.5.0. SOAR (Security Orchestration, Automation and Response) uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.

Impact

This vulnerability could allow attackers to gain unauthorized access to SOAR API endpoints. By exploiting this issue, malicious actors could potentially access sensitive information, manipulate system configurations, or execute unauthorized actions within the SOAR environment. This could lead to data breaches, system compromises, or disruption of security operations managed through the SOAR platform.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been addressed in Logpoint version 7.5.0 and later.

Mitigation

1. Upgrade Logpoint to version 7.5.0 or later as soon as possible.
2. Until the upgrade is completed, closely monitor all access to SOAR API endpoints for any suspicious activities.
3. Implement additional authentication layers or access controls in front of the SOAR API endpoints if possible.
4. Review and audit any actions performed through the SOAR API to identify potential unauthorized access.
5. Rotate all API keys and tokens after upgrading to ensure any potentially compromised credentials are invalidated.
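The root cause is a signing secret that is the same in every installation, so a token verifier is only as strong as the secrecy of that key. The following is an added example (not Logpoint code) of how a defender can implement mitigation steps 2 and 3 in front of an automation API: it refuses to start on a placeholder default secret, pins the algorithm, verifies HS256 signatures with a per-deployment key, checks expiry, and logs every rejection so access can be monitored. The environment variable name SOAR_JWT_SECRET, the KNOWN_STATIC_DEFAULT value and the claim names are assumptions used for illustration.

```python
"""
Defender-side JWT gate for an automation API (added example, not Logpoint code).
Assumptions: HS256 tokens; the signing secret is read from SOAR_JWT_SECRET
(hypothetical name); rejected tokens are logged for monitoring.
"""
import base64
import hashlib
import hmac
import json
import logging
import os
import time
from typing import Optional

log = logging.getLogger("soar-api-auth")

# Hypothetical placeholder for a hard-coded default secret that must never be
# accepted in production. Any deployment still using it should fail closed.
KNOWN_STATIC_DEFAULT = b"change-me-static-default-do-not-ship"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def load_secret(env=os.environ) -> bytes:
    """Load the per-deployment secret; refuse to run on a weak or default key."""
    secret = env.get("SOAR_JWT_SECRET", "").encode()
    if len(secret) < 32:
        raise RuntimeError("SOAR_JWT_SECRET missing or shorter than 32 bytes")
    if hmac.compare_digest(secret, KNOWN_STATIC_DEFAULT):
        raise RuntimeError("SOAR_JWT_SECRET is the known static default; rotate it")
    return secret


def mint_token(secret: bytes, claims: dict) -> str:
    """Sign claims with HS256 using the deployment secret (used for fixtures)."""
    compact = {"separators": (",", ":")}
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    body = _b64url_encode(json.dumps(claims, **compact).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None (and log why)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        log.warning("rejected token: malformed (%d segments)", len(parts))
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        log.warning("rejected token: undecodable segments")
        return None
    # Pin the algorithm server-side; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        log.warning("rejected token: unexpected alg %r", header.get("alg") if isinstance(header, dict) else None)
        return None
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        log.warning("rejected token: bad signature for sub=%r", claims.get("sub"))
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        log.warning("rejected token: missing or past exp for sub=%r", claims.get("sub"))
        return None
    return claims


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    key = load_secret({"SOAR_JWT_SECRET": "k" * 40})  # constructed sample secret
    good = mint_token(key, {"sub": "playbook-runner", "exp": int(time.time()) + 600})
    print("valid:", verify_token(good, key) is not None)
    print("other key:", verify_token(good, b"x" * 40))
```

The warning lines are the monitoring hook from step 2: forward them to the SIEM and alert on bursts of "bad signature" or "unexpected alg" events against the SOAR API. Step 5 (rotating secrets after upgrade) is what makes load_secret's default-key check meaningful.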

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Timeline

Nov 7, 2024 at 5:15 PM - CVE Assignment: NVD published the first details for CVE-2024-48952.
Nov 7, 2024 at 5:24 PM - First Article: Feedly found the first article mentioning CVE-2024-48952 (National Vulnerability Database).
Nov 7, 2024 at 5:24 PM - CVSS Estimate: Feedly estimated the CVSS score as MEDIUM.
Nov 7, 2024 at 6:19 PM - CVSS Estimate: Feedly estimated the CVSS score as HIGH.
Nov 7, 2024 at 8:40 PM - CVSS: A CVSS base score of 6.4 has been assigned (nvd).
Nov 8, 2024 at 10:19 AM - EPSS: EPSS Score was set to 0.05% (Percentile: 17%).
Nov 8, 2024 at 3:24 PM - CVSS Estimate: Feedly estimated the CVSS score as MEDIUM.
Static CVE Timeline Graph

Affected Systems

Logpoint

Attack Patterns

CAPEC-12: Choosing Message Identifier

News

CVE Alert: CVE-2024-48952
This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication.
CVE-2024-48952
Medium Severity Description An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. Read more at https://www.tenable.com/cve/CVE-2024-48952
NA - CVE-2024-48952 - An issue was discovered in Logpoint before...
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability...
CVE-2024-48952 | Logpoint up to 7.4.x SOAR API Endpoint hard-coded key
A vulnerability was found in Logpoint up to 7.4.x and classified as critical. Affected by this issue is some unknown functionality of the component SOAR API Endpoint. The manipulation leads to use of hard-coded cryptographic key. This vulnerability is handled as CVE-2024-48952. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-48952 - Logpoint SOAR Static JWT Secret Key Vulnerability
CVE ID: CVE-2024-48952. Published: Nov. 7, 2024, 5:15 p.m. Description: An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: Low
