
Exploit
CVE-2024-7600

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Aug 8, 2024 / Updated: 3mo ago

CVSS 8.1 / EPSS 0.04% / High

Summary

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root.

Impact

The primary impact of this vulnerability is on the availability and integrity of the affected system. An authenticated attacker can delete arbitrary files on the Logsign Unified SecOps Platform, potentially causing severe disruption to the system's operation. The deletion of files occurs in the context of root, which means critical system files could be targeted, leading to system instability or failure. While the confidentiality of data is not directly compromised, the loss of important files could indirectly lead to data loss. The CVSS v3.1 base score for this vulnerability is 8.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. This indicates a high availability and integrity impact, with no direct confidentiality impact.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available for this vulnerability. Logsign has issued an update to correct this vulnerability in version 6.4.23 of the Unified SecOps Platform. The vulnerable version is 6.4.20. More details about the patch can be found in the release notes at: https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes

Mitigation

To mitigate this vulnerability, the following steps are recommended:

1. Update the Logsign Unified SecOps Platform to version 6.4.23 or later as soon as possible.
2. If immediate patching is not possible, implement strict access controls to limit authentication to the HTTP API service.
3. Monitor system logs for any suspicious file deletion activities, especially those performed with root privileges.
4. Implement network segmentation to restrict access to the affected HTTP API service (TCP port 443) only to necessary users and systems.
5. Regularly back up critical files and data to ensure quick recovery in case of unauthorized deletions.
6. Implement the principle of least privilege for user accounts to minimize the potential impact if credentials are compromised.


Timeline

First Article

Feedly found the first article mentioning CVE-2024-7600.

Aug 9, 2024 at 6:05 AM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 9, 2024 at 6:05 AM
Static CVE Timeline Graph

Affected Systems

Logsign/unified_secops_platform

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-1103/

Attack Patterns

CAPEC-126: Path Traversal

Vendor Advisory

ZDI-24-1103: Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Logsign has issued an update to correct this vulnerability.

News

Security bulletin - 28 Aug 2024 - Cyber Security Agency of Singapore
cveNotify : 🚨 CVE-2024-7600 Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25025. 🎖 @cveNotify
CVE-2024-7600
Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was...
LOGSIGN UNIFIED SECOPS PLATFORM CVE-2024-7600: Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25025. https://www.cve.org/CVERecord?id=CVE-2024-7600 https://www.zerodayinitiative.com/advisories/ZDI-24-1103/ https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes #logsign #Logsign #UnifiedSecOpsPlatform #CVE_2024_7600 #bot

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High
