CVE-2024-53356

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 31, 2025

Updated: Feb 7, 2025

CWE ID 798

Summary

CVE-2024-53356 is a newly disclosed vulnerability affecting EasyVirt DCScope versions 8.6.0 and older, as well as CO2Scope versions 1.3.0 and below. This weakness allows remote attackers to exploit a hardcoded HMAC secret used for generating JSON Web Tokens (JWTs). Attackers can leverage this vulnerability to produce valid JWTs with elevated privileges, gaining unauthorized access to sensitive information and actions within the application. The default secret, "somerandomaccesstoken," is predictable, significantly increasing the risk of unauthorized token generation and potential privilege escalation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0uV8WW
https://www.cve.org/CVERecord?id=CVE-2024-53356
https://nvd.nist.gov/vuln/detail/CVE-2024-53356

Back to Vulnerability Database

CVE-2024-53356

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations