PT-2024-38445 · Logsign · Logsign Unified Secops Platform

Mile Thanapattheerakul · Published 2024-08-08 · Updated 2024-08-25 · CVE-2024-7604

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Logsign Unified SecOps Platform (affected versions not specified)

Description

This issue allows local attackers to bypass authentication on affected installations. The flaw exists within the HTTP API service, which listens on TCP port 443 by default, due to the lack of proper validation of the user's license expiration date. An attacker can leverage this to bypass authentication on the system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-7604
ZDI-24-1104

Affected Products

Logsign Unified Secops Platform