CVE-2019-3484

Vulnerability

A remote code execution vulnerability exists in Micro Focus ArcSight Logger versions prior to 6.7. Affected versions include 5.0, 5.1, 5.2, 5.3, 5.5, 6.0, 6.1, 6.11, 6.21, 6.3, 6.31, 6.4, 6.41, 6.5, 6.6, and 6.61 [1]. The specific code path is not detailed in the available references, but the advisory describes it as a remote code execution issue [1].

Exploitation

According to the advisory [1], an unauthenticated attacker can exploit this vulnerability remotely, requiring only network access to the ArcSight Logger instance. The exact attack vector has not been publicly disclosed, but it likely involves sending specially crafted requests to the logger's web interface or API [1].

Impact

Successful exploitation grants the attacker arbitrary code execution on the ArcSight Logger server with the privileges of the service account, typically leading to full system compromise. The attacker can then access all stored log data, modify configurations, and potentially pivot to other systems in the network.

Mitigation

The vulnerability is fixed in ArcSight Logger version 6.7, released on 2019-03-11 [1]. Users must upgrade to this version or later to remediate the issue. No workaround has been provided by the vendor. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities catalog.