CVE-2024-23758

7.5 HIGH

📋 TL;DR

This vulnerability in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information stored in the EnterpriseManagementInstaller_msi.log file. Organizations using this specific version of Unisys Stealth are affected by this information disclosure vulnerability.

💻 Affected Systems

Products:
  • Unisys Stealth
Versions: 5.3.062.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version 5.3.062.0 of Unisys Stealth

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access credentials, configuration details, or other sensitive data that could lead to further system compromise or data exfiltration.

🟠 Likely Case

Unauthorized users gain access to sensitive system information that could be used for reconnaissance or to facilitate other attacks.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to potential information leakage without direct system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the log file location, which typically requires some level of system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version beyond 5.3.062.0

Vendor Advisory: https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=70

Restart Required: Yes

Instructions:

1. Download latest Unisys Stealth version from vendor portal
2. Backup current configuration
3. Run installer with administrative privileges
4. Restart affected systems
5. Verify installation and functionality

🔧 Temporary Workarounds

Restrict log file permissions

Platform: Windows

Set strict file permissions on the EnterpriseManagementInstaller_msi.log file to prevent unauthorized access

icacls "C:\Path\To\EnterpriseManagementInstaller_msi.log" /inheritance:r /grant:r "SYSTEM:(F)" "Administrators:(F)"

Move or rename log file

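Platform: Windows

Relocate the log file to a more secure location or rename it to obscure its purpose. Renaming by itself does not change who can read the file, so pair it with the permission restriction above.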

move "C:\Path\To\EnterpriseManagementInstaller_msi.log" "C:\Secure\Location\NewName.log"

🧯 If You Can't Patch

  • Implement strict access controls on the directory containing the log file
  • Enable auditing and monitoring for access attempts to the sensitive log file

🔍 How to Verify

Check if Vulnerable:

Check whether Unisys Stealth version 5.3.062.0 is installed and whether the EnterpriseManagementInstaller_msi.log file exists and contains sensitive information.

Check Version:

Check Unisys Stealth version in Control Panel > Programs and Features or via vendor-specific version check command

Verify Fix Applied:

Verify that the Unisys Stealth version is updated beyond 5.3.062.0, and check that the log file no longer contains sensitive information or is properly secured.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to EnterpriseManagementInstaller_msi.log file
  • File permission changes on the log file

Network Indicators:

  • Unusual file access patterns from non-admin accounts

SIEM Query:

EventID=4663 AND ObjectName LIKE '%EnterpriseManagementInstaller_msi.log%' AND NOT SubjectUserName IN ('SYSTEM', 'Administrator')
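
The query above, applied to exported Security-log events in Windows event XML, as an added example that is not part of the original advisory or any Unisys tooling. Event 4663 is only written when File System object-access auditing is enabled and the file carries an audit entry (SACL). The sample events, the CORP accounts, the SIDs and the SID-based allow-list are constructed assumptions; the path is the page's own placeholder.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET = "enterprisemanagementinstaller_msi.log"
FILE_READ_DATA = 0x1  # ReadData bit of the 4663 AccessMask field

def is_expected(sid):
    # Assumption: only LocalSystem and the built-in Administrator (RID 500) read it.
    return sid == "S-1-5-18" or (sid.startswith("S-1-5-21-") and sid.endswith("-500"))

def suspicious_reads(event_xml_docs):
    """Return (user, process, path) for unexpected reads of the installer log."""
    hits = []
    for doc in event_xml_docs:
        root = ET.fromstring(doc)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4663":
            continue
        d = {x.get("Name"): (x.text or "") for x in root.iterfind("e:EventData/e:Data", NS)}
        path = d.get("ObjectName", "")
        # Windows paths are case-insensitive; compare the file name only.
        if path.lower().rsplit("\\", 1)[-1] != TARGET:
            continue
        if not int(d.get("AccessMask", "0x0"), 16) & FILE_READ_DATA:
            continue
        if is_expected(d.get("SubjectUserSid", "")):
            continue
        user = d.get("SubjectDomainName", "") + "\\" + d.get("SubjectUserName", "")
        hits.append((user, d.get("ProcessName", ""), path))
    return hits

def sample_event(event_id, sid, user, path, mask, proc):
    # Constructed sample in the Windows event XML layout (not real telemetry).
    fields = {"SubjectUserSid": sid, "SubjectUserName": user, "SubjectDomainName": "CORP",
              "ObjectName": path, "AccessMask": mask, "ProcessName": proc}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

LOG = r"C:\Path\To\EnterpriseManagementInstaller_msi.log"
SAMPLE_EVENTS = [
    sample_event(4663, "S-1-5-18", "HOST$", LOG, "0x1", r"C:\Windows\System32\msiexec.exe"),
    sample_event(4663, "S-1-5-21-1-2-3-1104", "jdoe", LOG.upper(), "0x1", r"C:\Windows\notepad.exe"),
    sample_event(4663, "S-1-5-21-1-2-3-1104", "jdoe", LOG, "0x2", r"C:\Windows\notepad.exe"),
    sample_event(4663, "S-1-5-21-1-2-3-1105", "asmith", r"C:\Temp\other.log", "0x1", r"C:\Windows\System32\cmd.exe"),
    sample_event(4656, "S-1-5-21-1-2-3-1105", "asmith", LOG, "0x1", r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    print(suspicious_reads(SAMPLE_EVENTS))
```

Matching on SubjectUserSid rather than SubjectUserName keeps the filter correct when accounts are renamed or when an unrelated account is simply named Administrator.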
