CVE-2024-47770

Medium

Published: 03 February 2025

Published

03 February 2025

Modified

16 September 2025

KEV Added

—

Patch

—

CVSS Score 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS Score 0.0014 34.2th percentile

Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47770 is a medium-severity Improper Privilege Management (CWE-269) vulnerability in Wazuh Wazuh. Its CVSS base score is 4.6 (Medium).

Operationally, ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Enforces the principle of least privilege to directly counter weak privilege access management and prevent privilege escalation to view the Wazuh agent list.

AC-3 Access Enforcement good match

prevent

Requires enforcement of approved authorizations, mitigating unauthorized access to the agent list on the Wazuh dashboard due to improper access controls.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation through patching to Wazuh version 4.9.1, eliminating the specific privilege escalation vulnerability.

NVD Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows…

an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Deeper analysisAI

CVE-2024-47770 is a vulnerability in Wazuh, a free and open source platform used for threat prevention, detection, and response across on-premises, virtualized, containerized, and cloud-based environments. It arises from weak privilege access management (CWE-269), enabling privilege escalation that allows an attacker to view the agent list on the Wazuh dashboard without appropriate privilege access. The issue affects Wazuh versions prior to 4.9.1.

Exploitation requires network access (AV:N), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R), with no change in scope (S:U). A successful attack results in low impacts to confidentiality and integrity (C:L/I:L) but no availability impact (A:N), as reflected in its CVSS score of 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). An attacker with low privileges can leverage this to escalate access and view the agent list.

The vulnerability has been addressed in Wazuh release version 4.9.1, and all users are advised to upgrade. There are no known workarounds. Further details are provided in the GitHub security advisory at https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv.

Details

CWE(s): CWE-269

Affected Products

wazuh

≤ 4.9.1

CVEs Like This One

CVE-2026-25770Same product: Wazuh Wazuh

CVE-2025-15612Same product: Wazuh Wazuh

CVE-2024-35177Same product: Wazuh Wazuh

CVE-2026-32983Same product: Wazuh Wazuh

CVE-2026-30893Same product: Wazuh Wazuh

CVE-2025-15615Same product: Wazuh Wazuh

CVE-2026-28221Same product: Wazuh Wazuh

CVE-2026-25769Same product: Wazuh Wazuh

CVE-2025-15616Same product: Wazuh Wazuh

CVE-2025-62786Same product: Wazuh Wazuh

References

https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
Vendor Advisory · security-advisories@github.com
https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0