CVE-2024-5719

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 78

Summary

CVE-2024-5719 is a critical vulnerability affecting the Logsign Unified SecOps Platform. This Command Injection flaw enables remote code execution, allowing unauthorized users to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability, but the current authentication mechanism can be bypassed. The root cause of this issue lies within the HTTP API, where a user-supplied string is not adequately validated before being used in a system call. Successful exploitation grants attackers full system privileges. (ZDI-CAN-24167)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share