CVE-2024-23758 is a vulnerability identified in Unisys Stealth version 5.3.062.0 that permits attackers to gain unauthorized access to sensitive information through the Enterprise ManagementInstaller_msi.log file. This vulnerability is categorized under CWE-532, which involves exposure of sensitive information through log files. The flaw allows remote attackers to read this log file without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability impacts confidentiality severely (C:H), while integrity and availability remain unaffected (I:N/A:N). The root cause is the improper handling or protection of sensitive data within the MSI installer log, which may contain credentials, configuration details, or other sensitive operational information. Although no exploits have been reported in the wild, the ease of exploitation and the nature of the exposed data make this a critical concern for organizations relying on Unisys Stealth for network security and segmentation. No patches or remediation guidance have been officially released at the time of this report, necessitating immediate interim protective measures. The vulnerability was reserved in January 2024 and published in February 2024, reflecting recent discovery and disclosure.

The primary impact of CVE-2024-23758 is the unauthorized disclosure of sensitive information, which can lead to further attacks such as credential theft, lateral movement, or targeted intrusion campaigns. Organizations using Unisys Stealth for network segmentation and secure communications could have critical operational details exposed, undermining their security posture. Since the vulnerability does not affect integrity or availability, direct system disruption is unlikely; however, the confidentiality breach can facilitate more severe attacks. The lack of required privileges or user interaction lowers the barrier to exploitation, increasing the risk of automated or opportunistic attacks. This vulnerability can affect enterprises, government agencies, and critical infrastructure sectors that depend on Unisys Stealth for secure network management. The absence of known exploits in the wild suggests limited immediate exploitation but does not preclude future attacks once exploit code becomes available.

1. Immediately restrict access permissions to the Enterprise ManagementInstaller_msi.log file to only trusted administrators and system processes. 2. Implement strict network segmentation and firewall rules to limit remote access to systems running Unisys Stealth management components. 3. Monitor and audit access logs for any unauthorized attempts to read or copy the MSI log files. 4. If possible, temporarily disable or relocate the logging feature that generates the sensitive MSI log until a patch is available. 5. Engage with Unisys support to obtain guidance or early patches addressing this vulnerability. 6. Employ host-based intrusion detection systems (HIDS) to detect anomalous file access patterns. 7. Educate system administrators about the sensitivity of installer logs and the importance of securing them. 8. Plan for rapid deployment of official patches once released, including testing in staging environments to prevent operational disruptions. 9. Consider encrypting sensitive log files if supported by the environment to add an additional layer of protection.