CVE-2024-48952

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/
https://servicedesk.logpoint.com/hc/en-us/articles/21968950913693-Static-JWT-Key-enables-unauthorized-API-access
https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security

Configurations

No configuration.

History

08 Nov 2024, 19:01

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en Logpoint antes de la versión 7.5.0. SOAR usa una clave secreta JWT estática para generar tokens que permiten el acceso a los endpoints de la API de SOAR sin autenticación. Esta vulnerabilidad de clave estática permite a los atacantes crear claves secretas JWT personalizadas para el acceso no autorizado a estos endpoints.

07 Nov 2024, 20:35

Type	Values Removed	Values Added
CWE		CWE-306
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.4

07 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-07 17:15

Updated : 2024-11-08 19:01

NVD link : CVE-2024-48952

Mitre link : CVE-2024-48952

CVE.ORG link : CVE-2024-48952

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

6.4 /10