CVE-2024-5718
Published 2024-11-22
Priority: P2 · 63 · high · 8.1 · CVSS 3.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.44% (70.0th percentile)
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| logsign | unified_secops_platform | — | — |
| logsign | unified_secops_platform | >= 6.4.6 < 6.4.8 | 6.4.8 |
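CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |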
Suricata
ET EXPLOIT Websense Content Gateway submit_net_debug.cgi cmd_param Param Buffer Overflow Attempt
suricata · 2015-08-18 · CVE-2015-5718
Note: this rule references CVE-2015-5718 (Websense Content Gateway, destination port 8081), not CVE-2024-5718. It does not inspect traffic to the Logsign cluster HTTP API on TCP port 1924.
Rule: alert http any any -> any 8081 (msg:"ET EXPLOIT Websense Content Gateway submit_net_debug.cgi cmd_param Param Buffer Overflow Attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/submit_net_debug.cgi"; nocase; http.request_body; content:"cmd_param="; nocase; isdataat:500,relative; content:!"|0A|"; within:500; pcre:"/[\?\&]cmd_param=[^\&\r\n]{500}/si"; reference:cve,2015-5718; reference:url,seclists.org/fulldisclosure/2015/Aug/8; classtype:web-application-attack; sid:2021644; rev:5; metadata:created_at 2015_08_18, cve CVE_2015_5718, confidence High, signature_severity Major, updated_at 2024_03_06;)
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-22