CVE-2024-55959
Published: 21 January 2025
Summary
CVE-2024-55959 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Northern.tech Mender Client (vendor inferred from references). Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 30.1 percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates timely remediation of flaws like the insecure permissions in Mender Client 4.x before 4.0.5 through patching to version 4.0.5 or later.
Requires establishment and enforcement of secure configuration settings, including proper file permissions to block unauthorized access and modification enabled by this vulnerability.
Enforces approved access authorizations for system resources, directly countering the insecure permissions that allow remote unauthorized access to sensitive data and integrity modifications.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote network exploitation (AV:N) of Mender Client via CWE-276 insecure permissions directly maps to public-facing app exploitation (T1190) and enables file/directory permission abuse for data access/modification (T1222).
NVD Description
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.
Deeper analysis
CVE-2024-55959 is an insecure permissions vulnerability (CWE-276) in Northern.tech Mender Client versions 4.x before 4.0.5. Published on January 21, 2025, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting its critical severity due to high impacts on confidentiality and integrity.
The vulnerability allows remote attackers with no privileges or user interaction to exploit it over the network with low complexity. Successful exploitation enables high-level unauthorized access to sensitive data and modification of system integrity without affecting availability.
Mitigation details are available in advisories at https://Northern.tech and https://mender.io/blog/cve-2024-55959, which address the insecure permissions issue resolved in Mender Client 4.0.5 and later versions. Security practitioners should prioritize upgrading affected clients to patched releases.
Details
- CWE(s)