CVE-2024-56086
Published: 16 December 2024
Summary
CVE-2024-56086 is a high-severity Command Injection (CWE-77) vulnerability in Logpoint SIEM. Its CVSS base score is 7.1 (High).
Operationally, it ranks in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-56086 affects Logpoint versions prior to 7.5.0 and stems from improper neutralization of special elements used in a command (CWE-77). Authenticated users can supply malicious payloads inside Report Templates; these payloads are later executed with the privileges of the backup process, resulting in remote code execution on the affected appliance.
An attacker with a low-privileged authenticated account on an adjacent network can create or modify a Report Template containing the injected payload. Once the backup workflow is triggered, the payload executes, letting the attacker run arbitrary commands and thereby compromise the confidentiality, integrity, and availability of the Logpoint instance.
The vendor advisory published by Logpoint details the report-template injection vector and indicates that the issue is resolved in version 7.5.0. The associated EPSS score has remained flat at 0.05 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52977
Vulnerability details
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.