CVE-2024-9257: Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-9257

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

LogSign Unified SecOps Platform 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Logsign Unified SecOps Platform是Logsign公司的一个安全运营平台。用于收集、存储、分析和响应来自各种来源的安全数据。 LogSign Unified SecOps Platform 6.4.26之前版本存在输入验证错误漏洞，该漏洞源于缺乏在文件操作中使用用户提供文件名的适当验证，存在任意文件删除漏洞，允许远程攻击者删除敏感目录中的任意文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Logsign	Unified SecOps Platform	6.4.24	-

II. Public POCs for CVE-2024-9257

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-9257

Please Login to view more intelligence information

https://www.zerodayinitiative.com/advisories/ZDI-24-1295/x_research-advisory
https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notesvendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-9257

New Vulnerabilities

Product: Unified SecOps Platform

Vendor: Logsign

Same weakness: CWE-20

V. Comments for CVE-2024-9257

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2024-9257

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-9257

III. Intelligence Information for CVE-2024-9257

New Vulnerabilities

V. Comments for CVE-2024-9257

Leave a comment