CVE-2024-5721

HIGH

Logsign Unified Secops Platform < 6.4.8 - Missing Authentication

Title source: rule

Description

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/logsign_exec.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-24-615/

[Release Notes] https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes

Scores

CVSS v3 8.1

EPSS 0.6315

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

logsign/unified_secops_platform 6.4.6 - 6.4.8

Published Nov 22, 2024

Tracked Since Feb 18, 2026