CVE-2024-7602: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Logsign Unified SecOps Platform
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25027.
AI Analysis
Technical Summary
CVE-2024-7602 is a directory traversal vulnerability classified under CWE-22 affecting Logsign Unified SecOps Platform version 6.4.20. The flaw arises from insufficient validation of user-supplied file paths in the platform's HTTP API service, which operates over HTTPS on TCP port 443. An authenticated attacker can manipulate path parameters to traverse directories outside the intended restricted directory, thereby accessing arbitrary files on the underlying system. Since the API runs with root privileges, the attacker can disclose highly sensitive information, potentially including system configuration files, credentials, or logs. The vulnerability does not require user interaction but does require valid authentication credentials, which could be obtained through legitimate user accounts or compromised credentials. The CVSS v3.0 base score is 6.5, reflecting a medium severity with high confidentiality impact but no impact on integrity or availability. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations relying on this platform for security operations and monitoring. The lack of proper input sanitization in file path handling is the root cause, emphasizing the need for strict validation and sanitization of user inputs in API endpoints.
Potential Impact
The primary impact of CVE-2024-7602 is unauthorized disclosure of sensitive information due to directory traversal. Attackers with valid credentials can access files outside the intended directory scope, potentially exposing critical system files, security logs, or credentials. This can lead to further compromise, including privilege escalation or lateral movement within the network. Organizations using Logsign Unified SecOps Platform may face data breaches, loss of confidentiality, and erosion of trust in their security monitoring infrastructure. Since the API runs with root privileges, the scope of accessible data is extensive, increasing the risk severity. The vulnerability does not directly affect system integrity or availability but can be a stepping stone for more severe attacks. The requirement for authentication limits exploitation to insiders or attackers who have compromised credentials, but this does not diminish the risk for organizations with weak credential management or insider threats.
Mitigation Recommendations
1. Apply patches or updates from Logsign as soon as they become available to address this vulnerability.
2. In the absence of an official patch, implement strict input validation and sanitization on the HTTP API service to reject any path traversal sequences such as '../'.
3. Restrict access to the HTTP API service to trusted networks and users only, using network segmentation and firewall rules.
4. Enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of credential compromise.
5. Monitor and audit API access logs for unusual file access patterns or attempts to access unauthorized paths.
6. Limit the privileges of the API service process if possible, avoiding root-level execution to minimize impact.
7. Educate administrators and users about the risks of credential sharing and phishing to prevent unauthorized access.
8. Conduct regular security assessments and penetration testing focusing on API endpoints to detect similar vulnerabilities early.
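Recommendations 2 and 5, as an added example (not Logsign code and not part of the advisory): matching the literal string '../' misses percent-encoded and absolute-path input, so this sketch canonicalises the path and checks containment, and reuses the same decoding for log triage. The `reports` base directory, the function names and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def safe_resolve(base_dir, user_path):
    """Return the canonical path if user_path stays inside base_dir, else None."""
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks; os.path.join drops base for
    # absolute input, which the containment check below then rejects.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(raw_param):
    """Log triage: flag a raw parameter with a '..' segment or an absolute path."""
    decoded = fully_decode(raw_param).replace("\\", "/")
    return decoded.startswith("/") or ".." in decoded.split("/")


def demo():
    """Run both checks on constructed inputs inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "reports")  # hypothetical allowed directory
        os.mkdir(base)
        samples = ["daily/summary.pdf", "../../etc/passwd", "/etc/shadow",
                   "%252e%252e%252fetc%252fpasswd", "notes..txt"]
        # Each row: (input, allowed by containment check, flagged for triage)
        return [(s, safe_resolve(base, fully_decode(s)) is not None,
                 is_traversal_attempt(s)) for s in samples]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last sample, `notes..txt`, is allowed and not flagged: comparing whole path segments avoids the false positives a plain substring match on `..` would produce.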
Affected Countries
United States, Germany, United Kingdom, France, Netherlands, Australia, Canada, India, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-08-08T00:16:51.521Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 699f6c1ab7ef31ef0b55ff6d
Added to database: 2/25/2026, 9:39:38 PM
Last enriched: 2/28/2026, 1:53:40 AM
Last updated: 4/12/2026, 11:50:02 AM