CVE-2024-9537 (CVSS 9.8): Critical Zero-Day in ScienceLogic EM7 Leads to Rackspace Security Incident
Rackspace, a leading provider of managed cloud services, announced a security incident related to a zero-day vulnerability discovered in a third-party utility bundled with the ScienceLogic EM7 (SL1) monitoring platform. The vulnerability, now identified as CVE-2024-9537 with a CVSS score of 9.8, could allow remote code execution, potentially granting unauthorized access to sensitive data.
Rackspace utilizes ScienceLogic EM7 for internal system monitoring. On September 24th, 2024, the company identified suspicious activity within its monitoring infrastructure and promptly launched an investigation. The investigation revealed that an unknown threat actor had exploited the previously undocumented zero-day vulnerability to gain access to performance monitoring data.
Rackspace emphasizes that the breach was confined to performance monitoring data with low security sensitivity. This data included customer account names and numbers, usernames, internally generated device IDs, device names, device information, IP addresses, and AES-256-encrypted internal device agent credentials. The company assures customers that no sensitive information, such as passwords or financial data, was compromised.
CVE-2024-9537 is a remote code execution vulnerability in the third-party utility bundled with SL1. ScienceLogic has not disclosed the name of the utility, but experts suggest that it may be integrated into a variety of other applications, prompting widespread concern in the cybersecurity community.
Upon discovery of the vulnerability, Rackspace immediately engaged with ScienceLogic to develop and deploy a patch. ScienceLogic has confirmed that the patch has been made available to all its customers. Rackspace has also directly notified all affected customers and confirmed that no action is required on their part.
Today, CISA added this flaw to its Known Exploited Vulnerabilities Catalog.
ScienceLogic urges all SL1 users to update their systems immediately to mitigate the risk posed by this zero-day vulnerability. Detailed instructions on how to apply the update can be found on the ScienceLogic website.