CVE-2024-53355
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-53355 is a critical access control issue affecting EasyVirt DCScope version 8.6.0 and CO2Scope version 1.3.0. It allows remote, authenticated attackers with low privileges to manipulate user and group settings. They can add, modify, and delete users, and even add and modify admin roles and groups, using various API endpoints such as /api/user/addalias, /api/user/updatealias, /api/user/delalias, /api/user/adduser, /api/user/updateuser, /api/user/deluser, /api/user/addrole, /api/user/updaterole, and /api/user/delrole. These actions could lead to unintended consequences, including privilege escalation, and should be addressed promptly by applying the necessary patches.
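One way to review access logs for use of the endpoints listed above, as an added example that is not from the vendor or the original page. It assumes a reverse proxy in front of the application writes JSON log lines with `user`, `path` and `status` fields and that you keep a list of legitimate administrator accounts; the field names, usernames and log lines are constructed.

```python
import json
import posixpath
from collections import defaultdict

# User-management endpoints named in the CVE-2024-53355 summary.
SENSITIVE_ENDPOINTS = {
    "/api/user/addalias", "/api/user/updatealias", "/api/user/delalias",
    "/api/user/adduser", "/api/user/updateuser", "/api/user/deluser",
    "/api/user/addrole", "/api/user/updaterole", "/api/user/delrole",
}

def normalize(path):
    """Drop the query string, collapse duplicate and trailing slashes."""
    bare = path.split("?", 1)[0].split("#", 1)[0]
    # normpath keeps a leading '//', so force a single leading slash.
    return "/" + posixpath.normpath(bare).lstrip("/")

def find_suspect_calls(log_lines, admin_users):
    """Return {user: [endpoint, ...]} for successful calls by non-admin accounts."""
    hits = defaultdict(list)
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the review
        if not isinstance(rec, dict):
            continue
        endpoint = normalize(str(rec.get("path", "")))
        if endpoint not in SENSITIVE_ENDPOINTS:
            continue
        status = rec.get("status")
        if not isinstance(status, int) or not 200 <= status < 300:
            continue  # only requests the server accepted are reported here
        user = rec.get("user", "unknown")
        if user not in admin_users:
            hits[user].append(endpoint)
    return dict(hits)

# Constructed sample log lines (hypothetical format and accounts).
SAMPLE_LOG = [
    '{"user": "alice", "path": "/api/user/adduser", "status": 200}',
    '{"user": "bob", "path": "/api/user/addrole?x=1", "status": 200}',
    '{"user": "bob", "path": "/api//user/updateuser/", "status": 200}',
    '{"user": "carol", "path": "/api/user/deluser", "status": 403}',
    '{"user": "bob", "path": "/api/dashboard", "status": 200}',
    'not json',
]
ADMINS = {"alice"}  # assumed list of legitimate administrator accounts

if __name__ == "__main__":
    print(find_suspect_calls(SAMPLE_LOG, ADMINS))
```

Any account reported here should be checked against the current user, role and alias lists for changes nobody authorized.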