CVE-2024-7601: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Logsign Unified SecOps Platform
Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25026.
AI Analysis
Technical Summary
CVE-2024-7601 is a path traversal vulnerability in the Logsign Unified SecOps Platform; this record names version 6.4.20 as affected. The flaw is in the HTTP API service, which listens on TCP port 443 by default. The 'data_export_delete_all' function does not adequately validate a user-supplied file path before using it in a file operation, so an authenticated attacker can supply traversal sequences (typically '../' components) and delete files outside the directory the function is meant to operate on. Because the service performs the deletion as root, nothing on the host filesystem is off limits: system files, application binaries, configuration, and the platform's own stored logs and alert data can all be removed, which can lead to denial of service or to loss of integrity of the monitoring platform. Authentication is required, but no further user interaction is needed, so a single valid account is enough to script the deletion. The CVSS v3.0 base score of 7.1 (High) reflects a network-reachable, low-complexity attack with integrity and availability impact. No public exploit is referenced on this page. The CVE was reserved on 2024-08-08 and is in PUBLISHED state (see Technical Details). The root cause is CWE-22, Improper Limitation of a Pathname to a Restricted Directory, a recurring defect in file-handling code; the standard fix is to resolve the user-supplied name against the intended base directory and reject any result that lies outside it. This record carries no patch link; treat that as a prompt to check the vendor's advisory for a fixed build, not as confirmation that none exists.
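The CWE-22 pattern described above, reduced to a small Python model that is an added example and not Logsign's code: a 'delete an exported file' routine shown first as the vulnerable join-and-remove, then hardened by resolving the name against the export directory and refusing anything that lands outside it. The function names, the directory layout and the name argument are assumptions; the demo builds a throwaway tree so the two variants can be compared on the same traversal input.

```python
"""Added example, not Logsign code: the CWE-22 pattern behind a
'delete exported files' API, shown unsafe and then hardened. The function
names, the export directory layout and the 'name' argument are assumptions."""
import os
import shutil
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied name would resolve outside the export directory."""


def resolve_within(base: Path, user_path: str) -> Path:
    """Resolve base/user_path and return it only if it stays inside base.

    resolve() follows symlinks, so a link planted inside the export directory
    that points at /etc cannot be used to redirect the deletion either.
    is_relative_to() compares path components, not string prefixes, so
    /srv/exports_evil is not mistaken for something under /srv/exports.
    """
    base_resolved = base.resolve()
    candidate = (base_resolved / user_path).resolve()
    if not candidate.is_relative_to(base_resolved):
        raise PathTraversalError(f"refusing path outside export directory: {user_path!r}")
    return candidate


def escapes(base: Path, user_path: str) -> bool:
    """True if user_path would be rejected by resolve_within."""
    try:
        resolve_within(base, user_path)
    except PathTraversalError:
        return True
    return False


def delete_export_unsafe(export_dir: Path, name: str) -> None:
    """The vulnerable pattern: join and delete with no containment check.
    name='../secret.conf' walks out of export_dir; with the service running
    as root, any file on the host can be removed this way."""
    os.remove(os.path.join(export_dir, name))


def delete_export_safe(export_dir: Path, name: str) -> None:
    """Hardened variant: validate containment before touching the filesystem."""
    target = resolve_within(export_dir, name)
    if not target.is_file():
        raise FileNotFoundError(name)
    target.unlink()


def demo() -> dict:
    """Build a throwaway tree and exercise both variants with the same input."""
    root = Path(tempfile.mkdtemp())
    try:
        exports = root / "exports"
        exports.mkdir()
        (exports / "report.csv").write_text("a,b\n")
        secret = root / "secret.conf"  # stands in for a file outside the export tree
        secret.write_text("admin_password=...\n")

        delete_export_unsafe(exports, "../secret.conf")
        unsafe_deleted_secret = not secret.exists()

        secret.write_text("restored\n")
        try:
            delete_export_safe(exports, "../secret.conf")
            safe_blocked = False
        except PathTraversalError:
            safe_blocked = True
        delete_export_safe(exports, "report.csv")  # legitimate name still works

        probes = ["report.csv", "sub/../report.csv", "../secret.conf", "/etc/passwd", ".."]
        return {
            "unsafe_deleted_secret": unsafe_deleted_secret,
            "safe_blocked_traversal": safe_blocked,
            "secret_still_present": secret.exists(),
            "report_deleted": not (exports / "report.csv").exists(),
            "probes": {p: escapes(exports, p) for p in probes},
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check has to run on the resolved path, not on the raw string: a prefix comparison on the unresolved string is fooled by `exports_evil`, by symlinks inside the export directory, and by `sub/../` sequences that only collapse after normalisation.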
Potential Impact
An attacker holding valid credentials can delete arbitrary files on the appliance as root. The consequences range from denial of service (removing system or application files the platform needs to boot or run) to loss of configuration, collected logs and alert data, which blinds the security monitoring the platform exists to provide. For a SIEM this is doubly serious: the deleted files may be exactly the evidence an investigator would later need, so the bug also serves as an anti-forensics primitive for an intruder who has already obtained a platform account. Because the request is an ordinary API call over port 443 with no user interaction, exploitation is easy to script once a credential is phished, reused or stolen, and it can be combined with other post-authentication weaknesses to degrade an organisation's security posture further.
Mitigation Recommendations
First establish exposure: compare the installed build with the version this record names (6.4.20) and, since the record names only that build, confirm with the vendor whether earlier releases are also affected. Until a fixed build is installed, restrict reachability of the HTTPS API on TCP 443 to management networks and jump hosts with firewall rules and segmentation, and never expose it to the internet. If the platform allows it, disable the 'data_export_delete_all' endpoint or restrict it to the smallest set of accounts that genuinely need it. Review API and web access logs for calls to that endpoint whose path argument contains '..' sequences (including URL-encoded and double-encoded forms) or absolute paths, and alert on them going forward. Reduce the value of a stolen credential by enforcing multi-factor authentication and pruning unused or shared accounts. Take regular backups of configuration and retained log data, stored off the appliance, so that deleted files can be restored and evidence survives an anti-forensics attempt. Watch the vendor's advisories for a release that addresses CVE-2024-7601 and apply it promptly.
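The log review suggested above, as an added example that is not part of the advisory or the vendor's tooling: a Python scanner that walks access-log lines, picks out requests to a data_export_delete_all-style endpoint, decodes the path argument (including double encoding) and flags dot-dot segments and absolute paths. Only the endpoint name comes from the ZDI description; the combined log format, the /api/ route, the 'path' parameter and the sample lines are constructed assumptions.

```python
"""Added example, not from the advisory or the vendor: flag API requests to a
data_export_delete_all-style endpoint whose path argument carries a traversal
payload. Only the endpoint name comes from the ZDI description; the combined
log format, the /api/ route and the 'path' parameter name are assumptions."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT_MARKER = "data_export_delete_all"

# client ident user [timestamp] "METHOD target protocol" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines. The four from 10.0.0.9 are attack attempts: plain
# encoding, double encoding, an absolute path, and a REST-style path segment.
# The last line is a benign file name that merely contains '..'.
SAMPLE_LOG = """\
10.0.0.5 - analyst [12/Feb/2026:09:14:02 +0000] "POST /api/data_export_delete_all?path=exports/report-1.csv HTTP/1.1" 200 17
10.0.0.9 - analyst [12/Feb/2026:09:15:40 +0000] "POST /api/data_export_delete_all?path=..%2F..%2F..%2Fetc%2Flogsign.conf HTTP/1.1" 200 17
10.0.0.9 - analyst [12/Feb/2026:09:15:41 +0000] "POST /api/data_export_delete_all?path=%252e%252e%252f%252e%252e%252fvar%252flog%252fauth.log HTTP/1.1" 200 17
10.0.0.9 - analyst [12/Feb/2026:09:16:02 +0000] "POST /api/data_export_delete_all?path=/etc/shadow HTTP/1.1" 403 0
10.0.0.9 - analyst [12/Feb/2026:09:16:30 +0000] "DELETE /api/data_export_delete_all/..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 17
10.0.0.7 - - [12/Feb/2026:09:17:00 +0000] "GET /api/login HTTP/1.1" 200 512
10.0.0.5 - analyst [12/Feb/2026:09:18:11 +0000] "POST /api/data_export_delete_all?path=weekly..backup.csv HTTP/1.1" 200 17
""".splitlines()


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated URL encoding (%252e -> %2e -> .) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str):
    """Return a reason if value looks like a traversal payload, else None.

    '..' is checked as a whole path component so 'weekly..backup.csv' is not
    flagged; backslashes are normalised so Windows-style payloads are caught.
    """
    decoded = fully_decode(value).replace("\\", "/")
    if ".." in decoded.split("/"):
        return "dot-dot segment"
    if decoded.startswith("/"):
        return "absolute path"
    return None


def scan(lines):
    """Return one record per request to the endpoint with a suspicious path argument."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        path = fully_decode(parts.path)
        if ENDPOINT_MARKER not in path:
            continue
        candidates = [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        # REST style: the file name may follow the endpoint as a path segment
        tail = path.split(ENDPOINT_MARKER, 1)[1].lstrip("/")
        if tail:
            candidates.append(("path", tail))
        for where, value in candidates:
            reason = classify(value)
            if reason:
                hits.append({
                    "ip": m.group("ip"), "user": m.group("user"),
                    "method": m.group("method"), "status": m.group("status"),
                    "where": where, "value": value, "reason": reason,
                })
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        # a 2xx status here means the deletion most likely succeeded
        print(f'{h["ip"]} {h["user"]} {h["method"]} {h["status"]} {h["where"]}={h["value"]!r}: {h["reason"]}')
```

Run it over the platform's own access logs or over a reverse proxy placed in front of the API. Every hit deserves a look; a hit with a 2xx status should be handled as a confirmed deletion, with the named file restored from backup and the account that issued the request suspended pending investigation.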
Affected Countries
United States, Germany, United Kingdom, France, Netherlands, Australia, Canada, India, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-08-08T00:16:45.531Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6c1ab7ef31ef0b55ff69
Added to database: 2/25/2026, 9:39:38 PM
Last enriched: 2/28/2026, 1:53:28 AM
Last updated: 4/12/2026, 5:11:56 AM