CVE-2024-56086

7.1 HIGH

📋 TL;DR

Authenticated users in Logpoint versions before 7.5.0 can inject malicious payloads into Report Templates. When backups are initiated, these payloads execute, allowing remote code execution on the Logpoint server. This affects all organizations using vulnerable Logpoint versions with authenticated user accounts.

💻 Affected Systems

Products:
  • Logpoint
Versions: All versions before 7.5.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to create or modify report templates.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary code with the privileges of the Logpoint service, potentially leading to data theft, lateral movement, or complete system takeover.

🟠 Likely Case

Privilege escalation from authenticated user to system-level access, enabling data exfiltration, installation of persistence mechanisms, or disruption of security monitoring.

🟢 If Mitigated

Limited impact if proper access controls restrict template creation to trusted administrators only and backups are monitored.

🌐 Internet-Facing: MEDIUM - While authentication is required, internet-facing Logpoint instances could be targeted if credentials are compromised.
🏢 Internal Only: HIGH - Insider threats or compromised internal accounts could exploit this to gain elevated privileges and compromise the security monitoring system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of template injection techniques. The vulnerability is in the backup process triggered by administrators.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.5.0

Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download Logpoint 7.5.0 from official sources.
3. Follow the Logpoint upgrade documentation for your deployment type.
4. Verify successful upgrade and functionality.

🔧 Temporary Workarounds

Restrict Template Creation (platform: all)

Limit report template creation and modification to trusted administrators only using role-based access controls.

Monitor Backup Activities (platform: all)

Implement strict monitoring and alerting for backup initiation and template modifications.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can create or modify report templates
  • Disable or restrict backup functionality to essential administrators only

🔍 How to Verify

Check if Vulnerable:

Check Logpoint version via web interface or command line. If version is below 7.5.0, the system is vulnerable.

Check Version:

Check web interface dashboard or consult Logpoint documentation for version check commands specific to your deployment.

Verify Fix Applied:

After upgrading, confirm version is 7.5.0 or higher and test report template functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual report template modifications
  • Suspicious backup process initiation
  • Unexpected system command execution

Network Indicators:

  • Unusual outbound connections from Logpoint server following backups

SIEM Query:

source="logpoint" AND (event_type="template_modification" OR event_type="backup_initiated") AND user NOT IN ["trusted_admins"]
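The correlation behind the query above, as an added example that is not part of the original advisory or Logpoint's own code: it flags a backup that starts while a report template edit by a non-trusted user is still pending. The event_type values come from the query; the JSON-lines layout, field names `ts` and `template`, user names, allow-list and 7-day window are constructed assumptions, not Logpoint's real audit schema.

```python
import json
from datetime import datetime, timedelta

# Assumption: site-specific allow-list of accounts permitted to edit templates.
TRUSTED_ADMINS = {"admin_alice"}
# Assumption: how long an untrusted edit is considered pending before a backup.
WINDOW = timedelta(days=7)

# Constructed sample events (JSON lines), including one malformed record.
SAMPLE_LOG = """\
{"ts": "2025-01-10T09:00:00", "event_type": "template_modification", "user": "admin_alice", "template": "weekly"}
{"ts": "2025-01-11T02:00:00", "event_type": "backup_initiated", "user": "admin_alice"}
{"ts": "2025-01-12T14:30:00", "event_type": "template_modification", "user": "analyst_bob", "template": "monthly"}
not json
{"ts": "2025-01-13T02:00:00", "event_type": "backup_initiated", "user": "admin_alice"}
{"ts": "2025-01-14T02:00:00", "event_type": "backup_initiated", "user": "admin_alice"}
"""

def find_risky_backups(log_text, trusted=TRUSTED_ADMINS, window=WINDOW):
    """Return one alert per backup that follows an untrusted template edit."""
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # skip blank or malformed records instead of aborting
        events.append(ev)
    events.sort(key=lambda e: e["ts"])  # do not rely on arrival order

    pending, alerts = [], []  # pending = untrusted edits not yet followed by a backup
    for ev in events:
        kind = ev.get("event_type")
        if kind == "template_modification" and ev.get("user") not in trusted:
            pending.append(ev)
        elif kind == "backup_initiated":
            recent = [p for p in pending if ev["ts"] - p["ts"] <= window]
            if recent:
                alerts.append({
                    "backup_ts": ev["ts"].isoformat(),
                    "backup_user": ev.get("user"),
                    "templates": sorted({p.get("template", "?") for p in recent}),
                    "editors": sorted({p["user"] for p in recent}),
                })
            pending = []  # already alerted on; avoids duplicate alerts per backup
    return alerts
```

The alert names both the editor and the account that started the backup, since the page notes the backup is triggered by an administrator rather than by the template author.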
