Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root.
The impact of this vulnerability is primarily on the confidentiality of information. An authenticated attacker can exploit this vulnerability to disclose sensitive information with root-level access. This could potentially lead to exposure of critical system data, configuration files, or other sensitive information that should not be accessible. The vulnerability has a CVSS v3 base score of 6.5, which is considered "High" severity. The attack vector is network-based, with low attack complexity and no user interaction required. While the vulnerability does not directly impact system integrity or availability, the disclosure of sensitive information could indirectly lead to further attacks or system compromise.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation in the wild at the moment.
Logsign has issued an update to correct this vulnerability. The patch is available in version 6.4.23 of the Logsign Unified SecOps Platform. More details about the update can be found in the release notes at: https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes
1. Update the Logsign Unified SecOps Platform to version 6.4.23 or later as soon as possible.
2. If immediate patching is not feasible, consider implementing additional access controls or network segmentation to limit potential attackers' ability to reach the vulnerable HTTP API service.
3. Monitor and audit authentication attempts and API usage for any suspicious activities.
4. Implement the principle of least privilege for user accounts that have access to the platform.
5. Regularly review and update access credentials for the Logsign Unified SecOps Platform.
6. Consider implementing additional logging and monitoring for file operations within the platform to detect potential exploitation attempts.
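The root cause described above (a user-supplied path used in a file operation without validation) and the detection recommendation in item 6 both come down to the same check: canonicalise the path and confirm it stays inside the intended directory. The following is an added illustration, not Logsign's code; the base directory and file names are constructed assumptions.

```python
import os
from pathlib import Path

# Constructed example: an API handler that serves files from a fixed export
# directory. The first function shows the CWE-22 pattern; the second confines
# the path. "/srv/exports" and the file names are assumed, not Logsign's layout.


def resolve_unchecked(base_dir: str, user_path: str) -> str:
    # Vulnerable pattern: the user-controlled value is joined straight into a
    # file operation. "../" segments walk out of base_dir, and an absolute
    # value makes os.path.join discard base_dir entirely.
    return os.path.join(base_dir, user_path)


def resolve_confined(base_dir: str, user_path: str) -> Path:
    # Hardened pattern: reject absolute input, resolve symlinks and "..",
    # then require the result to still lie under the canonical base.
    base = Path(base_dir).resolve()
    if Path(user_path).is_absolute():
        raise PermissionError("absolute paths are not allowed")
    candidate = (base / user_path).resolve()
    # is_relative_to() avoids the string-prefix pitfall where "/srv/exports2"
    # would wrongly pass a startswith("/srv/exports") check.
    if not candidate.is_relative_to(base):
        raise PermissionError(f"path escapes {base}")
    return candidate


def is_rejected(base_dir: str, user_path: str) -> bool:
    # Convenience wrapper: True when the confined resolver refuses the input.
    try:
        resolve_confined(base_dir, user_path)
    except PermissionError:
        return True
    return False


def escapes_base(base_dir: str, user_path: str) -> bool:
    # Audit/detection helper for item 6: given a logged path parameter, report
    # whether the unchecked join would have resolved outside base_dir.
    base = Path(base_dir).resolve()
    target = Path(resolve_unchecked(base_dir, user_path)).resolve()
    return not target.is_relative_to(base)
```

`escapes_base` can be run over recorded path parameters from API logs to flag requests that would have left the export directory, independently of whether the patched version is deployed.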
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Feedly found the first article mentioning CVE-2024-7602.