CVE-2024-47770 — Vulnetix

CVE-2024-47770 PUBLISHED CVSS 4.599999904632568 MEDIUM

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

EPSS 0.14% · 34.5th percentile

Risk Scores

CVSS v3.1

4.599999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS Score

0.14%

34.5th percentile

Affected Products

Vendor	Product	Versions
wazuh	wazuh	< 4.9.1, 0, < 4.9.1

Timeline

Jan 21, 1970 Security Advisory
Feb 3, 2025 CVE Published
Feb 3, 2025 PoC Published
Feb 3, 2025 PoC Published
Feb 4, 2025 EPSS Score
Feb 4, 2025 PoC Published
Feb 4, 2025 CVE Updated
Feb 6, 2025 PoC Published
Feb 18, 2025 EPSS Score
Feb 23, 2025 Coalition ESS Score
Mar 5, 2025 EPSS Score
Mar 15, 2025 Coalition ESS Score

References

https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv url

Open in Interactive Console →