CVE-2024-57378

HIGH

Wazuh SIEM <4.8.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57378. PoCs published by rxerium.

AI-analyzed exploit summary This repository contains a Nuclei HTTP template for detecting Wazuh web interface version 4.8.2, which is vulnerable to CVE-2024-57378. The template checks for the presence of the Wazuh UI and extracts the version to confirm vulnerability.

Description

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

Exploits (1)

nomisec SCANNER

by rxerium · poc

https://github.com/rxerium/CVE-2024-57378

View Code ZIP pw:eip

This repository contains a Nuclei HTTP template for detecting Wazuh web interface version 4.8.2, which is vulnerable to CVE-2024-57378. The template checks for the presence of the Wazuh UI and extracts the version to confirm vulnerability.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Wazuh web interface version 4.8.2

No auth needed

Prerequisites: Access to the target URL or /app/login page of the Wazuh web interface

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/bappe-sarker/Vulnerability-Research/tree/main/CVE-2024-57378

View Writeup ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0025

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Published Feb 13, 2025

Tracked Since Feb 18, 2026