0daysto.live

Rackspace say there is a zero day in ScienceLogic EM7, which has been exploited inside Rackspace.

https://x.com/ynezzor/status/1839931641172467907

Rackspace outage report from 24th September 2024 (doesn't mention a security incident): https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6

ScienceLogic haven't got anything on their support site about a new vulnerability.

Downhound @downhounder - Sep 24 - Automated

Is Rackspace down?

#Rackspace status:

AWARENESS: ScienceLogic app Down | All Regions. More: bit.ly/4gBabga

Seeing this? Please retweet.

@Rackspace can you help?

ynezz @ynezzor - 8:34 AM - Sep 28, 2024

Oopsie, a zero-day remote code execution vulnerability was exploited ... third-party ScienceLogic application used by Rackspace. We have confirmed that the exploit of this third-party application resulted in access to three internal Rackspace monitoring webservers.

The outage link says the incident is ongoing.

The Register has picked up this story.

ScienceLogic say the vulnerability is in a third party software library and no CVE has been issued, and they’re declining to name the library.

One to watch. Smells of dead bodies in cupboards. https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/

@GossiTheDog why do I have the feeling it is either python or javascript?

ScienceLogic have published a security update for ScienceLogic SL1 which fixes the zero day vulnerability... but they’ve put it behind a paywall, haven’t told customers and haven’t issued a CVE.

PSA for ScienceLogic SL1 customers - go to the support portal and download and apply the security hotfix for the product.

They haven't told people to do this and haven't allocated a CVE and locked it behind a support paywall -- but there's an actively exploited zero day in the product they're trying to actively downplay.

Does anybody know which third party application within ScienceLogic is the vulnerable one?

ScienceLogic are refusing to disclose, as are Rackspace, so it’s created this ridiculous situation where there’s an actively exploited zero day in the wild where there’s zero information on how to protect and detect.

My Signal address is in my profile.

I have a fun blog about the ScienceLogic situation due to drop on Monday entitled “ScienceLogic and their security vulnerability cover ups”.

A CVE has been allocated for the ScienceLogic ‘third party application’ zero day that led to the Rackspace breach. CVE-2024-9537

Patches have been made available finally.

The articles for it are all behind a paywall on ScienceLogic portal.

The vulnerability description is an “unspecified vulnerability”.

Friday night dump.

Previously on ScienceLogic - the time where they threatened legal action during a vulnerability report via MITRE. https://web.archive.org/web/20230816081531/https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/

@GossiTheDog their software must be filled with issues 👀

Aside from having one of the worst vulnerability disclosure processes from any vendor, ScienceLogic also now has a CVE allocated by... CISA.

Maybe they can make legal threats to the USG this time... or hire some security people.

Additional updates coming on the ScienceLogic saga. I think they've lied about the nature of the vulnerability.