How severe is CVE-2024-5718?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-5718?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2024-5718 - HIGH Severity | CVSS 8.1

Vulnerability Description

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166.

Related Vulnerabilities

CVE-2017-12720

HIGH

CVSS:8.1(High)

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication i...

CWE-3062017

CVE-2017-3217

HIGH

CVSS:8.1(High)

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interf...

CWE-3062017

CVE-2019-11061

HIGH

CVSS:8.1(High)

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/sma...

CWE-3062019

CVE-2019-14984

HIGH

CVSS:8.1(High)

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/x...

CWE-3062019

CVE-2019-3411

HIGH

CVSS:8.1(High)

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit th...

CWE-3062019

CVE-2019-6447

HIGH

CVSS:8.1(High)

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi netwo...

CWE-3062019