CVE-2024-5719
CVSS 3.0 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-5719 is a critical vulnerability affecting the Logsign Unified SecOps Platform. This Command Injection flaw enables remote code execution, allowing unauthorized users to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability, but the current authentication mechanism can be bypassed. The root cause of this issue lies within the HTTP API, where a user-supplied string is not adequately validated before being used in a system call. Successful exploitation grants attackers full system privileges. (ZDI-CAN-24167)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.