CVE-2024-47770
Published: 03 February 2025
Summary
CVE-2024-47770 is a medium-severity Improper Privilege Management (CWE-269) vulnerability in Wazuh. Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 34.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-47770 is a vulnerability in Wazuh, a free and open source platform used for threat prevention, detection, and response across on-premises, virtualized, containerized, and cloud-based environments. It arises from weak privilege access management (CWE-269), enabling privilege escalation that allows an attacker to view the agent list on the Wazuh dashboard without appropriate privilege access. The issue affects Wazuh versions prior to 4.9.1.
Exploitation requires network access (AV:N), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R), with no change in scope (S:U). A successful attack results in low impacts to confidentiality and integrity (C:L/I:L) but no availability impact (A:N), as reflected in its CVSS score of 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). An attacker with low privileges can leverage this to escalate access and view the agent list.
The vulnerability has been addressed in Wazuh release version 4.9.1, and all users are advised to upgrade. There are no known workarounds. Further details are provided in the GitHub security advisory at https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42888
Vulnerability details
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Direct privilege escalation via weak access controls enables unauthorized dashboard access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
Enforces the principle of least privilege to directly counter weak privilege access management and prevent privilege escalation to view the Wazuh agent list.
Requires enforcement of approved authorizations, mitigating unauthorized access to the agent list on the Wazuh dashboard due to improper access controls.
Mandates timely flaw remediation through patching to Wazuh version 4.9.1, eliminating the specific privilege escalation vulnerability.