Cyber Resilience

CVE-2024-57378

High

Published: 13 February 2025

Published
13 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0012 30.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57378 is a high-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 30.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-57378 is a broken access control vulnerability affecting Wazuh SIEM version 4.8.2. The flaw allows unauthorized creation of internal users without assigning any existing user role, potentially enabling privilege escalation or unauthorized access to sensitive resources. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-284.

Network-accessible attackers require no privileges, authentication, or user interaction to exploit this vulnerability due to its low attack complexity. Successful exploitation lets unauthenticated adversaries create internal users without roles, which can result in privilege escalation or access to sensitive resources in the Wazuh SIEM deployment.

Mitigation details and further technical analysis are available in the referenced vulnerability research repository at https://github.com/bappe-sarker/Vulnerability-Research/tree/main/CVE-2024-57378.

EU & UK References

Vulnerability details

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1136 Create Account Persistence
Adversaries may create an account to maintain access to victim systems.
Why these techniques?

Broken access control directly enables unauthenticated account creation (T1136) and resulting privilege escalation (T1068) in the exposed SIEM application.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20341Shared CWE-284
CVE-2024-56898Shared CWE-284
CVE-2026-48898Shared CWE-284
CVE-2026-25176Shared CWE-284
CVE-2026-48899Shared CWE-284
CVE-2026-37526Shared CWE-284
CVE-2024-56883Shared CWE-284
CVE-2026-42823Shared CWE-284
CVE-2026-0844Shared CWE-284
CVE-2026-41086Shared CWE-284

Affected Assets

Wazuh SIEM
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 requires enforcement of approved access authorizations via reference monitors, directly mitigating the broken access control permitting unauthorized internal user creation.

prevent

AC-2 establishes processes for account creation and management exclusively by authorized entities, preventing unauthenticated adversaries from creating internal users.

prevent

AC-6 enforces least privilege principles, limiting damage from privilege escalation or unauthorized resource access by rogue users created without roles.

References