https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes <br/></td> CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"/>https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes <br/></td> CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"/>
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root.
The impact of this vulnerability is severe, with a CVSS v3 base score of 8.1 (High). The attack vector is network-based, with low attack complexity and requiring low privileges. No user interaction is needed. While there is no impact on confidentiality, there is a high impact on both integrity and availability. An attacker can delete arbitrary files with root privileges, potentially causing significant disruption to system operations and data loss. This could lead to service outages, loss of critical data, and compromise of system integrity.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.
Logsign has issued an update to correct this vulnerability. The patch is available in version 6.4.23 of the Logsign Unified SecOps Platform. Users should upgrade from the vulnerable version 6.4.20 to version 6.4.23 or later. More details can be found in the release notes at: https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes
1. Apply the patch provided by Logsign immediately by upgrading to version 6.4.23 or later of the Unified SecOps Platform. 2. If immediate patching is not possible, consider implementing additional access controls or network segmentation to limit access to the HTTP API service (TCP port 443). 3. Monitor system logs for any suspicious file deletion activities. 4. Implement the principle of least privilege for user accounts that have access to the platform. 5. Regularly backup critical files and data to mitigate the impact of potential file deletions. 6. Consider implementing additional input validation and sanitization mechanisms at the application level as an extra layer of defense.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Feedly found the first article mentioning CVE-2024-7601. See article
Feedly estimated the CVSS score as HIGH