CVE-2024-55957
Published: 22 January 2025
Summary
CVE-2024-55957 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Thermo Fisher Scientific software (vendor inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 19.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2024-55957 is a local privilege escalation vulnerability (CWE-276) in the driver packages of Thermo Fisher Scientific Xcalibur before version 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10 on Windows systems. The issue arises from improper access control permissions on those driver packages; the CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability: the attack complexity is low and no user interaction is required. Successful exploitation has high impact on confidentiality, integrity, and availability, giving the attacker elevated privileges on the affected Windows system.
Thermo Fisher advisories recommend updating to Xcalibur 4.7 SP1 or later and ICSW 3.1 SP10 or later to mitigate the vulnerability. Further details are provided in the security guide at https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf and on https://thermofisher.com.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52865
Vulnerability details
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.
MITRE ATT&CK Enterprise Techniques
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
Local privilege escalation via improper access control permissions directly matches Exploitation for Privilege Escalation.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly addresses improper access control permissions on driver packages by requiring enforcement of approved authorizations for logical access to system resources, preventing local privilege escalation.
- CM-6 (Configuration Settings): Mandates establishment of secure configuration settings, including restrictive permissions on vulnerable driver files, to reflect the most restrictive mode and prevent exploitation by low-privileged local attackers.
- SI-2 (Flaw Remediation): Requires identification, reporting, and correction of flaws like this privilege escalation vulnerability through timely application of vendor-recommended patches for Xcalibur and ICSW.
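The weakness described in the analysis above (CWE-276, driver package files whose ACLs let low-privileged local users modify them) and the CM-6 control (restrictive permissions on driver files) can both be checked with an ACL audit. The script below is an added example, not code from Thermo Fisher or from this advisory; the directory path is a placeholder, since the products' install locations are not given on this page, and the list of "low-privileged" principals is an assumption that a site may need to extend.

```powershell
# Added example: find files under a directory whose ACL grants write-class
# rights to low-privileged local principals (the CWE-276 pattern behind
# CVE-2024-55957). Run from an elevated prompt so every ACL can be read.
# $Path is a placeholder; point it at the actual driver package directory.
param(
    [string]$Path = 'C:\PLACEHOLDER\DriverPackages'
)

# Assumed set of principals that any local low-privileged user is a member of.
$lowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow a file's content, owner or ACL to be changed.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::AppendData -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Find-WeakDriverPermissions {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { return }
            foreach ($ace in $acl.Access) {
                # Only Allow ACEs for a low-privileged principal with a write bit matter.
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                if (($ace.FileSystemRights -band $writeRights) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
}

# Each reported row is a file a low-privileged user could replace; an empty
# result means the directory meets the restrictive-permissions intent of CM-6.
Find-WeakDriverPermissions -Root $Path | Format-Table -AutoSize
```

Inherited rows usually point at an over-permissive parent directory rather than a single file, so fix the ACL at the directory that introduces the entry.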