CVE-2024-9537
ScienceLogic SL1 Agent vulnerability analysis and mitigation

Overview

ScienceLogic SL1 (formerly EM7) is affected by a critical zero-day vulnerability (CVE-2024-9537) involving an unspecified third-party component packaged with SL1. The vulnerability was discovered on September 24, 2024, when it was actively exploited in an attack on Rackspace's monitoring infrastructure. The vulnerability affects SL1 versions prior to 12.1.3, 12.2.3, and 12.3, and has been assigned a critical CVSS score of 9.8 (NVD, CISA KEV).

Technical details

The vulnerability is a remote code execution (RCE) flaw in an undisclosed third-party utility that is bundled with the ScienceLogic SL1 package. The specific details of the vulnerability have been withheld to prevent potential exploitation in other products that might use the same utility. The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it can be exploited remotely with no privileges or user interaction required (NVD).

Impact

Exploitation of this vulnerability allowed attackers to gain unauthorized access to monitoring systems and steal limited customer data. In the documented Rackspace incident, attackers accessed three internal monitoring web servers and obtained customer account names and numbers, usernames, device IDs, device information, IP addresses, and AES256-encrypted internal device agent credentials (Bleeping Computer, The Register).

Mitigation and workarounds

ScienceLogic has released patches to address the vulnerability in versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. Organizations are strongly advised to update to the patched versions immediately (Arctic Wolf).
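The following is an added example, not ScienceLogic or Wiz code, that triages an inventory of SL1 version strings against the fixed versions listed above. The hostnames, the status labels, and the reading of "12.3+" as 12.3.0 and every later release are assumptions of the example.

```python
import re

# Fixed releases named on this page: minimum patch level per 12.x release line.
FIXED_MIN_PATCH = {(12, 1): 3, (12, 2): 3}
FIRST_FULLY_FIXED = (12, 3)  # "12.3+": read here as 12.3.0 and anything later (assumption)
# Older lines for which the page says a remediation exists (no version number given).
REMEDIATION_LINES = {(10, 1), (10, 2), (11, 1), (11, 2), (11, 3)}

def parse_version(text):
    """Return (major, minor, patch) from a string like '12.1.3' or '12.3'; None if absent."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(version_text):
    """Classify one SL1 version string against the CVE-2024-9537 fixed versions."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    line, patch = v[:2], v[2]
    if line >= FIRST_FULLY_FIXED:
        return "fixed"
    if line in FIXED_MIN_PATCH:
        return "fixed" if patch >= FIXED_MIN_PATCH[line] else "upgrade"
    if line in REMEDIATION_LINES:
        # The version alone cannot show whether the vendor remediation was applied.
        return "verify-remediation"
    return "upgrade"

def triage_inventory(rows):
    """rows: iterable of (hostname, version string). Returns {status: [hostnames]}."""
    report = {}
    for host, version in rows:
        report.setdefault(triage(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = [
    ("sl1-db-01", "12.1.2"), ("sl1-ap-01", "12.1.3"), ("sl1-dc-01", "12.2.1"),
    ("sl1-dc-02", "12.3.0"), ("sl1-old-01", "11.3.2"), ("sl1-old-02", "8.14.0"),
    ("sl1-lab-01", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:20} {', '.join(hosts)}")
```

Hosts reported as `verify-remediation` are on the 10.1.x to 11.3.x lines, where the page gives no version number for the remediation, so its presence has to be confirmed on the appliance itself.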

Community reactions

ScienceLogic has taken a cautious approach by not disclosing the name of the vulnerable third-party utility to prevent potential exploitation in other products. The incident gained significant attention after being initially reported on the social media platform X (formerly Twitter), leading to broader coverage in cybersecurity media (Bleeping Computer).

This report was generated using AI.
