CVE-2024-53357
Published: 31 January 2025
Summary
CVE-2024-53357 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Easyvirt Co2Scope. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 34.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): requires validation of inputs to the vulnerable API endpoints for user, group, and role management, directly preventing SQL injection exploitation.
- SI-2 (Flaw Remediation): mandates timely remediation of the specific SQL injection flaws in affected EasyVirt and CO2Scope versions through patching or code fixes.
- Generates audit records for user, group, and role management events, enabling detection of unauthorized administrative actions performed via SQL injection.
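As an added illustration of the input-validation and audit-record controls listed above (a constructed example, not EasyVirt or CO2Scope code; the `aliases` table, the handler names, the role set and the size limit are assumptions), here is a hypothetical "add alias" handler written first with string-built SQL, the CWE-89 pattern the NVD description refers to, and then as a parameterized, validated version that also emits an audit record:

```python
"""Hypothetical 'add alias' handler, vulnerable form beside a hardened form.
Constructed example; the schema and handler names are assumptions, not the
product's own code."""
import sqlite3

ALLOWED_ROLES = {"user", "admin"}   # assumption: the application has a closed role set
MAX_NAME_LEN = 64                   # assumption: a reasonable upper bound for an alias


def new_db():
    """Constructed in-memory schema standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE aliases (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    return conn


def add_alias_vulnerable(conn, name, role):
    """Untrusted values are spliced into the statement text, so a caller who
    controls `name` also controls the SQL that is executed (CWE-89)."""
    sql = f"INSERT INTO aliases (name, role) VALUES ('{name}', '{role}')"
    conn.execute(sql)
    conn.commit()


def add_alias_hardened(conn, name, role, audit):
    """SI-10 style validation, a parameterized statement, and an audit record."""
    if not name or len(name) > MAX_NAME_LEN or not name.isprintable():
        raise ValueError("invalid alias name")
    if role not in ALLOWED_ROLES:        # allowlist: unknown roles are rejected outright
        raise ValueError("invalid role")
    # '?' placeholders: the driver binds the values; they are never parsed as SQL,
    # so quote characters in `name` end up stored literally.
    conn.execute("INSERT INTO aliases (name, role) VALUES (?, ?)", (name, role))
    conn.commit()
    # Audit record for the user-management event (what a SIEM rule would consume).
    audit.append({"event": "alias.add", "name": name, "role": role})


def roles_of(conn):
    """Return {alias name: role} for every stored alias."""
    return {n: r for n, r in conn.execute("SELECT name, role FROM aliases")}


def demo():
    """Run the same constructed input through both handlers and return
    (vulnerable table, hardened table, audit log)."""
    # Constructed input: closes the VALUES list early and comments out the
    # remainder, so in the vulnerable path the caller-supplied role 'user'
    # is replaced by 'admin'. In the hardened path it is just an odd name.
    crafted = "mallory', 'admin') -- "
    vuln = new_db()
    add_alias_vulnerable(vuln, crafted, "user")
    hard = new_db()
    audit = []
    add_alias_hardened(hard, crafted, "user", audit)
    return roles_of(vuln), roles_of(hard), audit


if __name__ == "__main__":
    v, h, a = demo()
    print("vulnerable table:", v)
    print("hardened table:  ", h)
    print("audit log:       ", a)
```

The point of the comparison is that the hardened handler needs no knowledge of the crafted input: binding parameters removes the SQL-text path entirely, the role allowlist stops a privileged role from being supplied directly, and the audit record is what the audit-logging control above relies on for detecting administrative actions after the fact.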
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection allows low-privileged remote authenticated attackers to enumerate (T1087.001, T1069.001), create (T1136.001), manipulate (T1098), and delete (T1531) users/groups/roles, enabling privilege escalation (T1068).
NVD Description
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (3) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modify a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modify a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route.
Deeper analysis
CVE-2024-53357 involves multiple SQL injection vulnerabilities affecting EasyVirt DCScope versions up to and including 8.6.0 and CO2Scope versions up to and including 1.3.0. These flaws exist in the API endpoints for user, group, and role management: /api/user/addalias, /api/user/updatealias, /api/user/delalias, /api/user/aliases, /api/user/adduser, /api/user/updateuser, /api/user/deluser, /api/user/users, /api/user/addrole, /api/user/updaterole, /api/user/delrole, and /api/user/roles. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-798.
Remote authenticated attackers with low privileges can exploit these SQL injection vulnerabilities to perform unauthorized administrative actions. This includes adding an admin user, modifying users, deleting users, retrieving user lists, adding a root group, modifying groups, deleting groups, retrieving groups, adding an admin role, modifying roles, deleting roles, and retrieving roles. Such actions enable privilege escalation and full control over user management within the affected applications.
The primary advisory reference is available at https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53357.md, which provides further details on the vulnerability. No specific patch or mitigation information is detailed in the available data.
Details
- CWE(s)