Cyber Posture

CVE-2024-57778

Severity: High
Published: 14 February 2025
Modified: 15 April 2026
KEV Added: not listed in the CISA KEV catalog
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1138 (93.6th percentile)
Risk Priority: 24 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57778 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Orbe ONetView Roeador Onet-1200 Orbe 1680210096. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it in the top 6.4% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The strongest mitigations identified by this analysis are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-6 Least Privilege (prevent)
Directly counters CWE-269 Improper Privilege Management by enforcing least privilege, so that a remote attacker holding no privileges cannot escalate through a flawed server response.

Secure error handling (prevent; the page does not name the control identifier)
Mandates secure error handling so that an HTTP 500 response cannot transition insecurely into a 200 status, closing the privilege escalation vector.

AC-3 Access Enforcement (prevent)
Enforces approved access authorizations, mitigating privilege escalation attempts triggered by anomalous changes in the server's response status.
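All three controls above describe the vector the same way: an HTTP 500 response that turns into a 200. The page gives no detail on what causes that transition, so no exploit can be reconstructed from it, but the status flip itself is something a defender can hunt for in the device's (or a fronting reverse proxy's) access logs. The Python below is an added example, not code from the page, the vendor or the referenced advisory: it correlates, per client and path, a 500 followed shortly by a 2xx. The Combined Log Format, the `/cgi-bin/admin.cgi` endpoint and the log lines themselves are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Combined Log Format; not real device output.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Feb/2025:10:00:01 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 500 0 "-" "curl/8.0"
192.0.2.10 - - [14/Feb/2025:10:00:02 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 200 4120 "-" "curl/8.0"
192.0.2.20 - - [14/Feb/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.30 - - [14/Feb/2025:10:06:00 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 500 0 "-" "curl/8.0"
192.0.2.30 - - [14/Feb/2025:11:30:00 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 200 4120 "-" "curl/8.0"
192.0.2.40 - - [14/Feb/2025:10:07:00 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"
"""

# Client address, timestamp, request line and status are all the heuristic needs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_500_to_2xx_flips(log_text, window_seconds=60, path_prefix="/"):
    """Return (ip, path, t_500, t_2xx) for every client/path pair where a 500 was
    followed by a 2xx on the same path within window_seconds.
    Assumes lines arrive in time order, as an access log normally does."""
    window = timedelta(seconds=window_seconds)
    pending_500 = {}   # (ip, path) -> timestamp of the most recent 500
    hits = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or not ev["path"].startswith(path_prefix):
            continue
        key = (ev["ip"], ev["path"])
        if ev["status"] == 500:
            pending_500[key] = ev["ts"]          # (re)start the window for this pair
        elif 200 <= ev["status"] < 300 and key in pending_500:
            t500 = pending_500.pop(key)
            if ev["ts"] - t500 <= window:
                hits.append((ev["ip"], ev["path"], t500, ev["ts"]))
    return hits


if __name__ == "__main__":
    for ip, path, t500, t2xx in find_500_to_2xx_flips(SAMPLE_LOG, path_prefix="/cgi-bin/"):
        delta = int((t2xx - t500).total_seconds())
        print(f"{ip} {path}: 500 at {t500.time()} then 2xx at {t2xx.time()} ({delta}s later)")
```

A client retrying after a transient error produces the same pattern benignly, so a hit is a triage lead, not a detection. Scope `path_prefix` to the management interface and keep `window_seconds` short to cut noise; a 500 followed by a 2xx on the same admin endpoint within a second or two, from a client that never authenticated, is the case worth pulling the full request log for.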

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why this technique?

The CVE directly describes remote privilege escalation through improper privilege management (CWE-269), which maps to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200.

Deeper analysis

CVE-2024-57778 is a privilege escalation vulnerability in Orbe ONetView Roeador Onet-1200 Orbe 1680210096. A remote attacker can escalate privileges by leveraging the server's response transition from HTTP status code 500 to status code 200; the NVD description gives no further detail on the mechanism behind that transition. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), is classified as CWE-269 (Improper Privilege Management), and was published on 2025-02-14.

Reading the vector: the attack is reachable from an adjacent network (AV:A), is low in complexity (AC:L), and needs neither privileges (PR:N) nor user interaction (UI:N). Successful exploitation has high impact on confidentiality, integrity and availability (C:H/I:H/A:H) within an unchanged scope (S:U), that is, full compromise of the affected device itself rather than of components beyond it. Because the vector is adjacent rather than network, the 8.8 assumes the vulnerable interface is reachable only from the device's own network segment; if that interface is exposed more widely, the practical risk is higher than the base score suggests.

Additional details, including any mitigation guidance, are in the referenced advisory at https://github.com/KUK3N4N/CVE-2024-57778.

Details

CWE(s)

CWE-269 Improper Privilege Management

CVEs Like This One

CVE-2026-2777 (shared CWE-269)
CVE-2025-48613 (shared CWE-269)
CVE-2026-35595 (shared CWE-269)
CVE-2025-64487 (shared CWE-269)
CVE-2025-67905 (shared CWE-269)
CVE-2024-13376 (shared CWE-269)
CVE-2025-26705 (shared CWE-269)
CVE-2025-37186 (shared CWE-269)
CVE-2026-24510 (shared CWE-269)
CVE-2026-23896 (shared CWE-269)

References

https://github.com/KUK3N4N/CVE-2024-57778