How severe is CVE-2024-5722?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-5722?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2024-5722 - HIGH Severity | CVSS 8.8

Vulnerability Description

Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170.

Related Vulnerabilities

CVE-2020-7846

HIGH

CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH

CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021

CVE-2022-0664

HIGH

CVSS:8.8(High)

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CWE-3212022

CVE-2022-20868

HIGH

CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker...

CWE-3212022

CVE-2022-23650

HIGH

CVSS:8.8(High)

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can...

CWE-3212022

CVE-2023-20038

HIGH

CVSS:8.8(High)

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credenti...

CWE-3212023