Cyber Posture

CVE-2024-57378

High

Published: 13 February 2025

Modified: 15 April 2026
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0012 (30.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57378 is a high-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 30.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

AC-3 requires enforcement of approved access authorizations via reference monitors, directly mitigating the broken access control permitting unauthorized internal user creation.

prevent

AC-2 establishes processes for account creation and management exclusively by authorized entities, preventing unauthenticated adversaries from creating internal users.

prevent

AC-6 enforces least privilege principles, limiting damage from privilege escalation or unauthorized resource access by rogue users created without roles.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1136 Create Account (Tactic: Persistence)
Adversaries may create an account to maintain access to victim systems.

Why these techniques?

Broken access control directly enables unauthenticated account creation (T1136) and resulting privilege escalation (T1068) in the exposed SIEM application.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

Deeper analysis [AI]

CVE-2024-57378 is a broken access control vulnerability affecting Wazuh SIEM version 4.8.2. The flaw allows unauthorized creation of internal users without assigning any existing user role, potentially enabling privilege escalation or unauthorized access to sensitive resources. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and maps to CWE-284.

The vulnerability is exploitable over the network with low attack complexity and requires no privileges, authentication, or user interaction. Successful exploitation lets unauthenticated adversaries create internal users without roles, which can result in privilege escalation or access to sensitive resources in the Wazuh SIEM deployment.

Mitigation details and further technical analysis are available in the referenced vulnerability research repository at https://github.com/bappe-sarker/Vulnerability-Research/tree/main/CVE-2024-57378.

Details

CWE(s)

CWE-284 (Improper Access Control)

Affected Products

Wazuh SIEM (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-20341 (shared CWE-284)
CVE-2024-56898 (shared CWE-284)
CVE-2025-25950 (shared CWE-284)
CVE-2025-24968 (shared CWE-284)
CVE-2025-54914 (shared CWE-284)
CVE-2025-21359 (shared CWE-284)
CVE-2025-24042 (shared CWE-284)
CVE-2026-2311 (shared CWE-284)
CVE-2026-0844 (shared CWE-284)
CVE-2026-23856 (shared CWE-284)

References