CVE-2024-13058
Published: 30 December 2024
Summary
CVE-2024-13058 is a medium-severity Improper Privilege Management (CWE-269) vulnerability affecting SoftIron products (vendor inferred from references). Its CVSS base score is 4.8 (Medium).
It ranks at the 37.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51312
Vulnerability details
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Reviewing privilege changes and uses helps detect improper privilege management by flagging unauthorized changes to, or uses of, privileges.
- Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
- Periodic reviews identify and correct flaws in authorization decisions or their enforcement.
- Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.
- A complete and analyzable reference monitor ensures that every authorization decision is mediated by it.
- Dividing duties across roles enforces proper privilege management and prevents a single entity from controlling an entire sensitive process.
- Restricting each account to only the rights it requires (least privilege) implements proper privilege management directly.
- Training in proper privilege management practices makes incorrect privilege assignments less likely.