HTTP: Logsign Unified SecOps Platform Missing Authentication

This signature detects attempts to exploit a known vulnerability against Logsign Unified SecOps Platform. A successful attack can lead to security bypass.

Extended Description

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Previously tracked as ZDI-CAN-24169.

Short Name
HTTP:CTS:LOGSIGN-SECOPS-AUTH
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authentication CVE-2024-5721 Logsign Missing Platform SecOps Unified
Release Date
08/23/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Rarely
