CVE-2024-55215

CriticalPublic PoC

Published: 07 February 2025

Published

07 February 2025

Modified

03 July 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0487 89.6th percentile

Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55215 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Jrohy Trojan. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 10.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to the /auth/register initialization interface, directly preventing unauthorized privilege escalation due to incorrect default permissions.

AC-6 Least Privilege good match

prevent

Employs least privilege to ensure the /auth/register endpoint does not allow excessive permissions, mitigating remote privilege escalation attacks.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Limits and documents permitted actions without authentication, explicitly prohibiting privilege-escalating operations like /auth/register to block unauthenticated exploits.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability enables remote unauthenticated privilege escalation via the /auth/register interface of the Jrohy-trojan proxy service, facilitating exploitation of a public-facing application for initial access (T1190) and exploitation for privilege escalation (T1068).

NVD Description

An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.

Deeper analysisAI

CVE-2024-55215 is a privilege escalation vulnerability in trojan versions 2.0.0 through 2.15.3. The flaw resides in the initialization interface at /auth/register, where incorrect default permissions (CWE-276) enable unauthorized privilege elevation. Published on 2025-02-07, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and lack of prerequisites.

A remote attacker requires no privileges, authentication, or user interaction to exploit the vulnerability over the network. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise through escalated privileges.

A proof-of-concept for unauthorized exploitation in a Jrohy-trojan context is available at https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md. No vendor advisories or specific patch details are referenced in the provided information.