CVE-2024-9537
Published: 18 October 2024
Summary
CVE-2024-9537 is a critical-severity vulnerability of an unspecified weakness type in ScienceLogic SL1. Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 1.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-7 (Boundary Protection).
Deeper analysis
ScienceLogic SL1, formerly known as EM7, contains an unspecified vulnerability in an unspecified third-party component included in the product. The flaw affects multiple version lines and is resolved in SL1 releases 12.1.3 and later, 12.2.3 and later, and 12.3 and later, with backported fixes supplied for the 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x branches.
The vulnerability carries a CVSS 4.0 score of 9.3, reflecting a network attack vector, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. An unauthenticated remote attacker can therefore leverage the flaw to compromise affected SL1 instances.
Vendor advisories direct customers to apply the listed updates. Public reporting links the issue to a zero-day exploitation that contributed to the Rackspace breach, and the EPSS score has reached a peak of 0.6440 with a current value of 0.6391.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49996
Vulnerability details
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
- CWE(s): not listed
- KEV Date Added: 21 October 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely identification and remediation of software flaws via vendor patches, which is the explicit fix for CVE-2024-9537 across all affected SL1 versions.
- Continuous monitoring: enables ongoing monitoring of the SL1 platform to identify exploitation attempts or anomalous behavior tied to the unauthenticated remote compromise.
- SC-7 (Boundary Protection): restricts network-accessible interfaces on SL1, reducing the attack surface for the zero-day flaw that requires no authentication.