CVE-2024-57378

HIGH

Wazuh SIEM <4.8.2 - Privilege Escalation

Title source: llm

Description

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

Exploits (1)

nomisec SCANNER
by rxerium · poc
https://github.com/rxerium/CVE-2024-57378

Scores

CVSS v3: 7.3
EPSS: 0.0012
EPSS Percentile: 30.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-284
Status: published
Published: Feb 13, 2025
Tracked Since: Feb 18, 2026