Logsign Unified SecOps RCE Vulnerabilities Let Attackers Gain Control of the System
Logsign, a web server constructed on Python for Unified Security Operations (SecOps), has efficiently addressed serious vulnerabilities that may maybe perchance potentially allow risk actors to attain corpulent aid a watch on over the scheme.
The vulnerabilities, identified as CVE-2024-5716 and CVE-2024-5717, can even be blended to accomplish some distance off, unauthenticated code execution through HTTP requests.
Logsign supplies security analysts total visibility and aid a watch on over their data lake. They’ll procure and store limitless data, investigate and detect threats, and reply automatically.
CVE-2024-5716: Authentication Bypass
The first vulnerability, CVE-2024-5716, is an authentication bypass flaw during the password reset mechanism. This downside arises from the inability of restrictions on excessive password reset makes an attempt. An attacker can exploit this by sending extra than one requests to reset the admin’s password until they brute force the real reset code. Once the real reset code is got, the attacker can reset the admin’s password and possess administrative access to the scheme.
CVE-2024-5717: Put up-Auth Give an explanation for Injection
The 2d vulnerability, CVE-2024-5717, is a submit-authentication train injection flaw. This vulnerability lets in authenticated customers to accomplish arbitrary code on the scheme resulting from spoiled validation of user-supplied strings sooner than executing a tool call. Even though authentication is required to exhaust this vulnerability, it will also be bypassed utilizing the authentication bypass flaw (CVE-2024-5716).
Basically essentially based mostly on Trend Micro Zero Day Initiative (ZDI), an attacker can accomplish some distance off, unauthenticated code execution by combining these vulnerabilities. The exploit contains utilizing CVE-2024-5716 to reset the admin’s password and log in with the fresh credentials.
Once authenticated, the attacker can exploit CVE-2024-5717 to accomplish arbitrary commands because the inspiration user. This can even be damaged-the total manner down to attain a reverse shell, offering the attacker with total aid a watch on over the scheme.
Exploiting these vulnerabilities in tandem, attackers may maybe perchance:
- Bypass authentication during the password reset flaw
- Log in as an administrator
- Attain arbitrary scheme commands during the demo mode characteristic
This assault chain grants corpulent aid a watch on over the Logsign server, working with root privileges.
Mitigation
Logsign has patched these vulnerabilities in version 6.4.8. Customers are strongly advised to update to this version to provide protection to their programs from skill exploits. Additionally, performing a corpulent audit of the scheme is recommended to name and fix any varied skill vulnerabilities.
These vulnerabilities spotlight the importance of sturdy authentication mechanisms and upright enter validation to end such serious security factors.
Source credit : cybersecuritynews.com