CVE-2024-5718
CVSS 3.0 Score 8.1 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 306
Summary
CVE-2024-5718 is a remote code execution vulnerability affecting the Logsign Unified SecOps Platform. This issue permits unauthenticated attackers to execute arbitrary code on vulnerable installations, exploiting a flaw in the cluster HTTP API, which listens on port 1924 by default. The root cause is the absence of authentication before granting access to certain functionality, resulting in potential code execution with root privileges. ZDI-CAN-24166 disclosed this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share