
Exploit
CVE-2024-7603

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Aug 8, 2024 / Updated: 3mo ago

CVSS 8.1 (High) / EPSS 0.04%

Summary

This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root.
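The flaw class described above, a user-supplied path used in a file operation without validation, is closed by canonicalizing the path and confirming it stays under an allowed base directory before deleting anything. The following is an added example, not Logsign's code or patch; the function names, directory layout and request strings are hypothetical and constructed for illustration.

```python
import os
import shutil
import tempfile


class PathOutsideBase(ValueError):
    """The requested path resolves outside the allowed base directory."""


def resolve_inside(base_dir, user_path):
    """Canonicalize user_path under base_dir; raise if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the comparison is made
    # on the location the file operation would really touch. os.path.join
    # drops base when user_path is absolute; the check below catches that too.
    target = os.path.realpath(os.path.join(base, user_path))
    if target == base or os.path.commonpath([base, target]) != base:
        raise PathOutsideBase(user_path)
    return target


def delete_directory(base_dir, user_path):
    """Delete a directory only after the containment check has passed."""
    target = resolve_inside(base_dir, user_path)
    if not os.path.isdir(target):
        raise NotADirectoryError(target)
    shutil.rmtree(target)
    return target


def demo():
    """Send constructed requests at a throwaway tree and record each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "exports")        # hypothetical allowed base
        protected = os.path.join(root, "config")    # must never be deleted
        os.makedirs(os.path.join(base, "job1"))
        os.makedirs(protected)
        os.symlink(protected, os.path.join(base, "link"))
        requests = [("plain", "job1"), ("dotdot", "../config"),
                    ("nested", "job1/../../config"), ("absolute", protected),
                    ("symlink", "link"), ("base_itself", ".")]
        for label, req in requests:
            try:
                delete_directory(base, req)
                results[label] = "deleted"
            except PathOutsideBase:
                results[label] = "rejected"
        results["protected_survived"] = os.path.isdir(protected)
    return results
```

The check and the deletion are separate steps, so a service that lets users create symlinks inside the base directory still has a race to consider. Running the file-handling component as an unprivileged user rather than root limits what any bypass can remove.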

Impact

The vulnerability has a high impact on availability, as it allows authenticated attackers to delete arbitrary directories on the affected system. This could lead to severe disruption of services, data loss, or system instability. The integrity impact is also high, as the attacker can modify the system structure by deleting directories. There is no direct impact on confidentiality. The attack vector is network-based, with low attack complexity and no user interaction required, making it relatively easy to exploit once an attacker has low-level privileges. The vulnerability has a CVSS v3.1 base score of 8.1 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is currently no evidence of exploitation.

Patch

Logsign has issued an update to correct this vulnerability. The patch is available in version 6.4.23 of the Logsign Unified SecOps Platform. More details can be found in the release notes at: https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes

Mitigation

1. Update the Logsign Unified SecOps Platform to version 6.4.23 or later as soon as possible.
2. Implement strong authentication mechanisms and regularly review and update user access privileges to minimize the risk of exploitation.
3. Monitor system logs for any suspicious activities related to directory deletions or unauthorized access attempts.
4. Implement network segmentation to restrict access to the HTTP API service (TCP port 443) only to necessary users and systems.
5. Regularly back up critical data and configurations to mitigate potential data loss in case of successful exploitation.


Timeline

First Article

Feedly found the first article mentioning CVE-2024-7603.

Aug 9, 2024 at 6:05 AM / VulDB Recent Entries

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 9, 2024 at 6:05 AM

Affected Systems

Logsign/unified_secops_platform

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-1105/

Attack Patterns

CAPEC-126: Path Traversal

Vendor Advisory

ZDI-24-1105: Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Logsign has issued an update to correct this vulnerability.

News

Security bulletin - 28 Aug 2024 - Cyber Security Agency of Singapore
CVE-2024-7603: Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028. https://www.cve.org/CVERecord?id=CVE-2024-7603 https://www.zerodayinitiative.com/advisories/ZDI-24-1105/ https://support.logsign.net/hc/en-us/articles/20617133769362-06-08-2024-Version-6-4-23-Release-Notes #logsign #Logsign #UnifiedSecOpsPlatform #CVE_2024_7603 #bot

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: High
