CVE-2024-55215
Published: 07 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-55215 is a privilege escalation vulnerability in trojan versions 2.0.0 through 2.15.3. The flaw resides in the initialization interface at /auth/register, where incorrect default permissions (CWE-276) enable unauthorized privilege elevation. Published on 2025-02-07, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and lack of prerequisites.
A remote attacker requires no privileges, authentication, or user interaction to exploit the vulnerability over the network. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise through escalated privileges.
A proof-of-concept for unauthorized exploitation in a Jrohy-trojan context is available at https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md. No vendor advisories or specific patch details are referenced in the provided information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote unauthenticated privilege escalation via the /auth/register interface of the Jrohy-trojan proxy service, facilitating exploitation of a public-facing application for initial access (T1190) and exploitation for privilege escalation (T1068).