From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability 2. Vulnerability ID: ZDI-24-619, ZDI-CAN-24167 3. CVE ID: CVE-2024-5719 4. CVSS Score: 8.8 5. Affected Vendor: Logsign 6. Affected Product: Unified SecOps Platform 7. Vulnerability Description: - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Logsign Unified SecOps Platform installations. - Although authentication is required to exploit the vulnerability, the existing authentication mechanism can be bypassed. - The issue lies in the implementation of the HTTP API, where user-supplied strings are not properly validated before being used in system calls. - Attackers can leverage this vulnerability to execute code with root privileges. 8. Additional Information: - Logsign has released an update to fix this vulnerability. - More details can be found at: https://support.logsign.net/hc/en-us/articles/19316621924754-03-06-2024-Version-6-4-8-Release-Notes 9. Disclosure Timeline: - 2024-05-31: Vulnerability reported to vendor - 2024-06-12: Coordinated public disclosure of vulnerability advisory - 2024-08-15: Updated advisory released 10. Credit: - Mehmet INCE (@mdisec) from PRODAFT.com This information provides a detailed description of the vulnerability and the remediation steps.