CVE-2024-5722

NONE EPSS 60.7%
Published Nov 22, 20241y ago · Modified Jun 17, 20261w ago
Find Similar
Published Nov 22, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170.

Threat Intelligence

EPSS Exploit Probability
60.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-321
CWE-798 Use of Hard-coded Credentials Authentication

Affected Products 1

VendorProductVersionRange
logsignunified_secops_platform*≥6.4.6  –  <6.4.8

References 2

  • support.logsign.net https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes
    Release Notes
  • zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-24-614/
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.