CVE-2024-55062
Published: 31 January 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-55062 is a code injection vulnerability (CWE-77) affecting EasyVirt DCScope versions up to and including 8.6.0 and CO2Scope versions up to and including 1.3.0. The flaw resides in the /api/license/sendlicense/ endpoint, where insufficient input validation enables malicious payloads to be processed.
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows attackers to execute arbitrary code on the targeted system, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability.
Further details, including potential mitigation guidance, are documented in advisories available at https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55062.md.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a code injection vulnerability in a public-facing API endpoint (/api/license/sendlicense/) that allows remote unauthenticated arbitrary code execution, directly enabling exploitation of public-facing applications.