CVE-2024-33857

9.6 CRITICAL

📋 TL;DR

A Server-Side Request Forgery (SSRF) vulnerability in Logpoint versions before 7.4.0 allows attackers with low-level access to make unauthorized requests from the server. This occurs due to insufficient input validation on URLs in threat intelligence features. Organizations running vulnerable Logpoint versions are affected.

💻 Affected Systems

Products:
  • Logpoint
Versions: All versions before 7.4.0
Operating Systems: All supported Logpoint OS platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires threat intelligence feature with URL processing enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker could access internal services, exfiltrate sensitive data, or pivot to other systems in the network.

🟠

Likely Case

Unauthorized access to internal HTTP services, potential data leakage from internal endpoints.

🟢

If Mitigated

Limited impact if network segmentation restricts internal service access from Logpoint server.

🌐 Internet-Facing: MEDIUM - Requires attacker to have low-level access first, but could lead to internal network compromise.
🏢 Internal Only: HIGH - Attackers with internal access could exploit this to pivot through the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-level access to Logpoint system. Exploitation involves crafting malicious URLs in threat intelligence.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.0

Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence

Restart Required: Yes

Instructions:

1. Back up the Logpoint configuration.
2. Upgrade to Logpoint 7.4.0 or later.
3. Restart Logpoint services.
4. Verify threat intelligence functionality.

🔧 Temporary Workarounds

Disable threat intelligence URL processing (all platforms)

Temporarily disable URL-based threat intelligence features until patching.

# Requires Logpoint admin console access
# Navigate to Settings > Threat Intelligence > Disable URL processing

Network segmentation (linux)

Restrict Logpoint server network access to only the required internal services.

# Configure firewall rules to limit outbound connections from the Logpoint server.
# Allow rules for required destinations (threat-intelligence feeds, update servers,
# internal log sources) must be inserted before the DROP rules below, otherwise
# legitimate outbound traffic is blocked as well.
# Example: iptables -A OUTPUT -p tcp --dport 80 -j DROP
# Example: iptables -A OUTPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to limit Logpoint server outbound connections
  • Monitor all outbound HTTP/HTTPS requests from Logpoint server for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check the Logpoint version via the admin console or from the command line:

cat /etc/logpoint/version

Verify Fix Applied:

Confirm version is 7.4.0 or later and test threat intelligence URL functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Logpoint server
  • Multiple failed URL validations in threat intelligence logs

Network Indicators:

  • Unexpected HTTP/HTTPS traffic from Logpoint server to internal services
  • Requests to unusual ports or internal IP ranges

SIEM Query:

source="logpoint" AND (http_request OR url_validation) AND (status="failed" OR dest_ip=~"^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)")

The regex covers the three RFC 1918 ranges; a plain `172.16.*` pattern only matches 172.16.0.0/16, not the whole 172.16.0.0/12. Field names depend on how your log source normalizes events.
