Logpoint's AgentX offers endpoint security for both Windows and Linux systems. It collects and transfers log data and telemetry from endpoints to Logpoint. When integrated with Logpoint SOAR, AgentX enables real-time investigation and resolution of security threats, helping detect malicious software and respond to risks within Logpoint's cybersecurity platform. Additionally, it features active response capabilities, allowing automated actions based on incoming log data.
AgentX operates in a client-server model, where agents connect to a central manager. The manager runs in isolation within a Logpoint instance, ensuring that even high-privilege users, such as SIEM admins, cannot access it. We've fixed several vulnerabilities in the AgentX Manager that could potentially be exploited if an attacker gains control of the manager. While the risk of exploitation is minimal, our defense-in-depth strategy prioritizes proactive security, which is why we addressed these issues as a top priority.
The following vulnerabilities were observed and fixed in AgentX Manager:
| SN | CVE ID/LVD ID | Description | CVSS Score | Fix Version |
|---|---|---|---|---|
| 1 | CVE-2023-42463 | Attackers could potentially inject malicious logs to trigger a stack overflow. This exploitation in highly targeted attacks could lead to Remote Code Execution. | 8.8 (High) | AgentX v1.5.0 |
| 2 | CVE-2023-50260 | A script used by AgentX for active response had a validation flaw which allowed an attacker to overwrite the file, potentially triggering code execution on the host system. | 8.8 (High) | AgentX v1.5.0 |
| 3 | CVE-2022-40497 | Attackers, if they gained access to AgentX Manager, could potentially trigger arbitrary binaries as part of the active response in the host system leading to Remote Code Execution. | 7.8 (High) | AgentX v1.5.0 |
| 4 | LVD-2024-017 | A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about Logpoint deployment. | 6.9 (Medium) | AgentX v1.5.0 |
To mitigate these security risks, upgrade to AgentX v1.5.0. For further assistance, please contact support.