CVE-2024-7603: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Logsign Unified SecOps Platform
Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028.
AI Analysis
Technical Summary
CVE-2024-7603 is a directory traversal vulnerability classified under CWE-22 affecting Logsign Unified SecOps Platform version 6.4.20. The vulnerability exists in the HTTP API service, which listens on TCP port 443 by default. The root cause is insufficient validation of user-supplied path inputs before they are used in file system operations. An authenticated attacker can send crafted requests whose path traverses out of the intended directory and deletes arbitrary directories on the underlying system. Because the service runs with root privileges, the attacker can delete critical system or application directories, potentially causing denial of service or loss of important data. The vulnerability requires authentication but no user interaction, making it straightforward to exploit once credentials are obtained. The CVSS v3.0 base score is 7.1 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on availability and integrity. No public exploits have been reported yet; the vulnerability was assigned and published by the Zero Day Initiative (ZDI) as ZDI-CAN-25028. The affected product is primarily used in security operations centers, so the impact is significant for organizations relying on this platform for security monitoring and incident response.
Potential Impact
The vulnerability allows attackers with valid credentials to delete arbitrary directories on the affected system with root privileges. This can lead to significant disruption of the Logsign Unified SecOps Platform, potentially causing denial of service by removing critical application files or system directories. The loss of data integrity and availability can impair security monitoring and incident response capabilities, increasing organizational risk. In environments where the platform is integrated with other security tools, this could cascade into broader operational impacts. Additionally, if attackers gain access to credentials through other means, they could leverage this vulnerability to escalate damage. The impact is particularly severe for organizations that depend heavily on this platform for real-time security operations, including enterprises, managed security service providers, and government agencies.
Mitigation Recommendations
Organizations should immediately verify whether they are running Logsign Unified SecOps Platform version 6.4.20 and restrict access to the HTTP API service on port 443 to trusted administrators only. Implement strict network segmentation and multi-factor authentication to reduce the risk of credential compromise. Monitor logs for suspicious API requests that contain directory traversal patterns. If a patch or update is released by Logsign, apply it promptly. Until a patch is available, consider deploying web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the API. Conduct regular audits of user privileges to ensure only necessary users have access to the platform. Back up critical configuration and data regularly to enable recovery in case of directory deletion. Finally, educate administrators about the risks of credential theft and enforce strong password policies.
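As an added illustration of the two controls above (this is not Logsign code; the API paths, log format and sample lines are constructed), the following Python confines a directory-delete operation to an allowed base directory, rejecting '..', absolute paths and symlink escapes, and flags URL-encoded traversal patterns in access-log lines:

```python
import os, re, shutil, tempfile
from urllib.parse import unquote

class PathTraversalError(ValueError):
    """Raised when a caller-supplied path would escape the allowed base."""

def resolve_within(base: str, user_path: str) -> str:
    """Canonicalise user_path under base, or raise if it leaves base."""
    base_real = os.path.realpath(base)
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path rejected: {user_path!r}")
    # realpath resolves '..' and symlinks before the containment check, so a
    # symlink pointing outside base is rejected just like a literal '../'.
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if candidate == base_real or os.path.commonpath([base_real, candidate]) != base_real:
        raise PathTraversalError(f"path escapes base: {user_path!r}")
    return candidate

def try_delete(base: str, user_path: str) -> str:
    """Delete one subdirectory of base; returns 'deleted', 'rejected' or 'missing'."""
    try:
        target = resolve_within(base, user_path)
    except PathTraversalError:
        return "rejected"  # never touch anything outside base, nor base itself
    if not os.path.isdir(target):
        return "missing"
    shutil.rmtree(target)
    return "deleted"

# Detection: decode twice so single- and double-URL-encoded '..' (%2e%2e%2f, %252e%252e%252f) show up.
_DOTDOT = re.compile(r"\.\.(?:[\\/]|$)")

def is_traversal_attempt(request_path: str) -> bool:
    return bool(_DOTDOT.search(unquote(unquote(request_path))))

def flag_traversal_lines(log_lines):
    """Return the 'METHOD PATH STATUS' log lines whose request path looks like traversal."""
    return [line for line in log_lines
            if len(line.split()) >= 2 and is_traversal_attempt(line.split()[1])]

def make_demo_tree() -> str:
    """Constructed throwaway base directory holding 'reports/nested' and 'other'."""
    base = tempfile.mkdtemp(prefix="cwe22-demo-")
    for sub in ("reports/nested", "other"):
        os.makedirs(os.path.join(base, sub))
    return base

# Constructed sample access-log lines; the two requests carrying '..' are the ones to flag.
SAMPLE_LOG = ["DELETE /api/v1/dirs/reports 200", "GET /api/v1/status 200",
              "DELETE /api/v1/dirs/..%2f..%2ftmp%2fscratch 200",
              "DELETE /api/v1/dirs?name=%252e%252e%252fvar 200"]
```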
Affected Countries
United States, Germany, United Kingdom, Netherlands, Australia, Canada, France, Japan, South Korea, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-08-08T00:16:56.033Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6c1ab7ef31ef0b55ff71
Added to database: 2/25/2026, 9:39:38 PM
Last enriched: 2/28/2026, 1:53:57 AM
Last updated: 4/12/2026, 12:27:15 AM