CVE-2024-7604 is a medium-severity vulnerability classified under CWE-863 (Incorrect Authorization) affecting Logsign Unified SecOps Platform version 6.4.20. The flaw resides in the HTTP API service, which listens on TCP port 443 by default. The vulnerability stems from improper validation of the user's license expiration date, which is used as part of the authentication or authorization logic. This flaw allows a local attacker with some level of access to bypass authentication mechanisms, effectively granting unauthorized access to the system's functions or data. The vulnerability does not require user interaction and can be exploited without elevated privileges, but local access is mandatory. The impact primarily affects confidentiality and integrity, as unauthorized users may gain access to sensitive information or perform unauthorized actions within the platform. The vulnerability was assigned CVE-2024-7604 and was published on August 21, 2024. No public exploits are currently known, and no patches have been linked yet. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-25029.

The vulnerability allows unauthorized local users to bypass authentication, potentially exposing sensitive security operations data and controls managed by the Logsign Unified SecOps Platform. This can lead to unauthorized access to security event data, manipulation of security alerts, or unauthorized configuration changes, undermining the integrity and confidentiality of the security monitoring environment. Organizations relying on this platform for centralized security operations risk exposure of critical security telemetry and operational controls. Although availability is not directly impacted, the breach of confidentiality and integrity can facilitate further attacks or insider threats. The medium CVSS score reflects the requirement for local access and the absence of remote exploitation, limiting the scope but still posing a significant risk in environments where local access controls are weak or compromised.

Until an official patch is released, organizations should implement strict local access controls to limit who can access the Logsign Unified SecOps Platform server. Network segmentation should be used to restrict access to the management interface on TCP port 443 to trusted administrators only. Monitoring and logging of local access attempts should be enhanced to detect suspicious activity. Review and tighten license management processes to ensure license validation cannot be bypassed. Once a patch or update is available from Logsign, it should be applied promptly. Additionally, consider implementing multi-factor authentication and role-based access controls to reduce the risk of unauthorized local access. Conduct regular audits of user accounts and permissions on the platform to detect and remove unnecessary privileges.