Cyber Resilience

CVE-2024-56086

High

Published: 16 December 2024

Published
16 December 2024
Modified
17 April 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0501 89.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56086 is a high-severity Command Injection (CWE-77) vulnerability in Logpoint Siem. Its CVSS base score is 7.1 (High).

Operationally, ranked in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-56086 affects Logpoint versions prior to 7.5.0 and stems from improper neutralization of special elements used in a command (CWE-77). Authenticated users can supply malicious payloads inside Report Templates; these payloads are later executed with the privileges of the backup process, resulting in remote code execution on the affected appliance.

An attacker with a low-privileged authenticated account on an adjacent network can create or modify a Report Template containing the injected payload. Once the backup workflow is triggered, the payload executes, granting the attacker the ability to run arbitrary commands and thereby compromise confidentiality, integrity, and availability of the Logpoint instance.

The vendor advisory published by Logpoint details the report-template injection vector and indicates that the issue is resolved in version 7.5.0. The associated EPSS score has remained flat at 0.05 with no material increase since disclosure.

EU & UK References

Vulnerability details

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

logpoint
siem
≤ 7.5.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References