Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities

CVE-2024-5716 and CVE-2024-5717

Two critical vulnerabilities have been identified in the Logsign Unified SecOps Platform, a comprehensive software solution for security operations. These vulnerabilities, CVE-2024-5716 and CVE-2024-5717, when combined, can enable remote, unauthenticated code execution on the web server via HTTP requests. This could allow a remote attacker to gain unauthorized access and potentially take control of the system.

The Logsign Unified SecOps Platform integrates SIEM, SOAR, UEBA, and TI capabilities, offering security analysts comprehensive threat detection, investigation, and response (TDIR). The platform ensures extensive visibility and control over data lakes, facilitating the collection and storage of unlimited data, threat detection, and automated responses. By unifying various cybersecurity tools, Logsign aims to simplify security operations and reduce associated costs and complexities.

The two flaws are an authentication bypass in the platform’s password reset mechanism and a command injection that is reachable after authentication.

  • CVE-2024-5716 (Authentication Bypass): This flaw enables attackers to circumvent authentication by exploiting a lack of rate limiting on password reset requests. Malicious actors could potentially brute-force their way into accounts, including high-privileged ones like the default “admin” user.

  • CVE-2024-5717 (Post-Auth Command Injection): Once authenticated (even through the aforementioned bypass), this vulnerability allows attackers to inject and execute arbitrary commands on the system with elevated privileges (root). This effectively grants them complete control over the compromised platform.

When these vulnerabilities are chained, they pose a severe risk. An attacker can first bypass authentication using CVE-2024-5716 and then leverage CVE-2024-5717 to execute arbitrary code. This combination allows for remote, unauthenticated code execution, leading to potential system compromise and unauthorized access to sensitive data. The technical details and proof-of-concept exploit code for these flaws have been published.

Logsign has responded promptly by patching these and other vulnerabilities in version 6.4.8 of the Unified SecOps Platform. It is imperative for all users to update to this latest version immediately to mitigate these risks.