Logsign Unified SecOps Platform Arbitrary File Deletion via delete_gsuite_key_file (CVE-2024-9257)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability 2. Vulnerability ID: ZDI-24-1295, ZDI-CAN-25265 3. CVE ID: CVE-2024-9257 4. CVSS Score: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 5. Affected Vendor: Logsign 6. Affected Product: Unified SecOps Platform 7. Vulnerability Details: - Remote attackers can delete arbitrary files within sensitive directories of an affected Logsign Unified SecOps Platform installation. - The vulnerability exists in the endpoint, due to insufficient validation of user-supplied filenames, leading to improper file operations. - Attackers can exploit this vulnerability to delete critical files on the system. 8. Additional Details: - Logsign has released an update to fix this vulnerability. - More details can be found at the following link: https://support.logsign.net/hc/en-us/articles/21062889743762-30-08-2024-Version-6-4-26-Release-Notes 9. Disclosure Timeline: - 2024-08-27 - Vulnerability reported to vendor - 2024-09-26 - Coordinated public disclosure of vulnerability advisory - 2024-09-26 - Vulnerability advisory updated 10. Credit: - Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro This information provides a detailed description of the vulnerability, including its severity, affected systems and vendors, remediation steps, and the disclosure timeline.

Goal Reached Thanks to every supporter — we hit 100%!

Logsign Unified SecOps Platform Arbitrary File Deletion via delete_gsuite_key_file (CVE-2024-9257)