#VU99246 Input validation error in SL1 - CVE-2024-9537
Published: October 22, 2024
Vulnerability identifier: #VU99246
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2024-9537
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
SL1
SL1
Software vendor:
ScienceLogic
ScienceLogic
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified vulnerability within the third-party component used by SL1. A remote non-authenticated attacker can send a specially crafted request to the portal and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install updates from vendor's website.
External links
- https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
- https://twitter.com/ynezzor/status/1839931641172467907
- https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/
- https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/
- https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
- https://support.sciencelogic.com/s/article/15465
- https://support.sciencelogic.com/s/article/15527
- https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537