CVE-2024-57766
Published: 15 January 2025
Summary
CVE-2024-57766 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Wangl1989 Mysiteforme. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 46.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring identification, reporting, and correction of the FastJSON deserialization flaw in MSFM prior to 2025.01.01.
Validates untrusted inputs to the system/table/editField component to block malicious deserialization payloads exploiting CWE-502.
Identifies the FastJSON deserialization vulnerability through vulnerability scanning, enabling timely remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
FastJSON deserialization vulnerability via /admin/system/table/editField enables remote code execution with crafted JSON payloads (e.g., JdbcRowSetImpl gadget), facilitating exploitation of public-facing web applications (T1190), remote services (T1210), and privilege escalation (T1068) post-authentication.
NVD Description
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
Deeper analysisAI
CVE-2024-57766 is a deserialization vulnerability in the FastJSON library within MSFM versions prior to 2025.01.01. The flaw resides in the system/table/editField component and is classified as CWE-502 (Deserialization of Untrusted Data). It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), marking it as critical due to its potential for severe impact.
The vulnerability can be exploited by unauthenticated remote attackers requiring low complexity and no user interaction. Exploitation enables high confidentiality and integrity impacts, allowing attackers to access sensitive data and modify system information without affecting availability.
The advisory reference at https://gitee.com/wanglingxiao/mysiteforme/issues/IBFVHR details the issue, with mitigation provided in MSFM version 2025.01.01 and later. Security practitioners should upgrade to the patched version promptly.
Details
- CWE(s)