CVE-2019-7323

Name of the Vulnerable Software and Affected Versions LightySoft LogMX versions prior to 7.4.0

Description The issue concerns the generic update process in LightySoft LogMX, which fails to properly verify the authenticity of updates. This allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP, making it vulnerable to interception. An attacker could replace the LogMXUpdater.class file, potentially leading to malicious code execution.

Recommendations For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the update process until a secure version is available. Restrict access to the cleartext HTTP channel used by the update process to minimize the risk of exploitation. Avoid using the generic update process in unsecured networks until the issue is resolved.