Some Logpoint customers have been contacted by a Netherlands-based penetration testing service provider about several vulnerabilities in Logpoint's platform.
Patches for the vulnerabilities became available in the Priority Access build 7.5.0 on October 23, 2024, which was made Generally Available on October 30, 2024 and is now ready to install.
Logpoint advises that you upgrade to 7.5.0 as soon as possible and, in the meantime, limit access to the GUI to known and trusted hosts.
To access the Priority Access build, please contact Support via the Service Desk.
As always, we will continue to take the learnings from this instance into account for how we score, how we pen-test, and how we continue to harden the appliance.
Timeline of events
On May 20, 2024, Logpoint received notice of three vulnerabilities from the penetration testing service.
On July 22, 2024, Logpoint received notice of additional vulnerabilities from the penetration testing service.
On October 3, 2024, Logpoint released patches in the Priority Access release of 7.5.0, with General Access on October 30 for the four patches marked LP 7.5.0 below.
Vulnerability details and assessment
| SN | Title | CVSS 4.0 Score | Prerequisites | Fix Version |
|---|---|---|---|---|
| 1 | Authentication Bypass using methods in the Authentication Modules | 7.7 | Attackers require local network access to the Logpoint instance in the customer environment. At least one Authentication Module must be configured and active. | LP 7.5.0 |
| 2 | Authentication Bypass and CSRF bypass due to use of internal parameter | 7.7 | Attackers require local network access to the Logpoint instance in the customer environment. | LP 7.5.0 |
| 3 | Server-Side Request Forgery leads to Authentication Bypass on Logpoint SIEM Backend | 7.7 | Attackers require local network access to the Logpoint instance in the customer environment. SOAR must be enabled. | LP 7.5.0 |
| 4 | Authentication Bypass due to the Static JWT Secret Key | 6.1 | Attackers require local network access to the Logpoint instance in the customer environment. SOAR must be enabled. | LP 7.5.0 |
| 5 | Authenticated Command Injection Vulnerability via Backup Process | 7.5 | Attackers require local network access to the Logpoint instance in the customer environment. SOAR must be enabled. | LP 7.5.0 |
| 6 | Authenticated Code Evaluation Remote Code Execution in Universal Normalizer | 7.5 | Attackers require local network access to the Logpoint instance in the customer environment. Attackers need to create a Universal Normalizer Package to initiate the attack; creating a Universal Normalizer Package requires at least operator access to Logpoint. | LP 7.5.0 |
| 7 | Low Privilege User Remote Code Execution via Server-Side Template Injection in Dashboard query-info | 5.9 | Attackers require local network access to the Logpoint instance in the customer environment. Attackers need to create a Search Template to initiate the attack; creating a Search Template requires at least operator access to Logpoint. | LP 7.5.0 |
Please reach out to our Support Team with any questions.
-The team at Logpoint