Cyber Posture

CVE-2024-47770

Medium

Published: 03 February 2025

Modified: 16 September 2025
KEV Added
Patch
CVSS Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
EPSS Score: 0.0014 (34.2th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, which allows an attacker to perform privilege escalation. In this case the attacker is able to view the agent list on the Wazuh dashboard without the required privileges. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Security Summary

CVE-2024-47770 is a vulnerability in Wazuh, a free and open source platform used for threat prevention, detection, and response across on-premises, virtualized, containerized, and cloud-based environments. It arises from weak privilege access management (CWE-269), enabling privilege escalation that allows an attacker to view the agent list on the Wazuh dashboard without appropriate privilege access. The issue affects Wazuh versions prior to 4.9.1.

Exploitation requires network access (AV:N), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R), with no change in scope (S:U). A successful attack results in low impacts to confidentiality and integrity (C:L/I:L) but no availability impact (A:N), as reflected in its CVSS score of 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). An attacker with low privileges can leverage this to escalate access and view the agent list.

The vulnerability has been addressed in Wazuh release version 4.9.1, and all users are advised to upgrade. There are no known workarounds. Further details are provided in the GitHub security advisory at https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv.

Details

CWE(s)
CWE-269

Affected Products

wazuh
wazuh
≤ 4.9.1
