Platform: go
Component: github.com/wazuh/wazuh
Fixed in: 4.9.2, 4.9.1+incompatible
CVE-2024-47770 describes a privilege escalation vulnerability within the Wazuh Dashboard. This flaw allows unauthenticated users to view the agent list, potentially exposing sensitive information about the monitored environment. The vulnerability impacts Wazuh Dashboard versions prior to 4.9.1+incompatible, and a fix is available in version 4.9.1+incompatible.
The primary impact of CVE-2024-47770 is the unauthorized disclosure of Wazuh agent information. An attacker could leverage this information to identify potential targets for further attacks, map the network topology, and understand the security posture of the environment. While direct exploitation beyond viewing the agent list is not immediately apparent, this information could be used in conjunction with other vulnerabilities or reconnaissance efforts to escalate an attack. The blast radius is limited to the Wazuh Dashboard environment and the information it exposes about agents.
CVE-2024-47770 was publicly disclosed on 2025-02-04. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. The probability of exploitation is considered low given the lack of public exploits, but the ease of access to the agent list makes it a potential target for opportunistic attackers.
Organizations utilizing Wazuh Dashboard for security monitoring are at risk. Specifically, deployments with misconfigured access controls or those relying on default Wazuh Dashboard settings are particularly vulnerable. Shared hosting environments where Wazuh Dashboard is deployed alongside other applications should also be considered at higher risk.
• linux / server: Monitor Wazuh Dashboard logs for unauthorized access attempts to the agent list endpoint. Use journalctl -u wazuh-dashboard to filter for suspicious activity.
journalctl -u wazuh-dashboard | grep "agent_list" | grep "unauthorized"
• generic web: Use curl to test access to the agent list endpoint without authentication. A successful response indicates the vulnerability is present.
curl -I http://<wazuh_dashboard_ip>/agent_list
• go: Review Wazuh Dashboard source code for the agent list functionality to identify potential vulnerabilities. Look for areas where authentication checks are missing or inadequate.
EPSS: 0.14% (35th percentile)
The recommended mitigation for CVE-2024-47770 is to immediately upgrade Wazuh Dashboard to version 4.9.1+incompatible or later. If upgrading is not immediately feasible, consider implementing access controls and authentication restrictions within the Wazuh Dashboard to limit access to the agent list. Review Wazuh Dashboard configuration to ensure only authorized users have access. After upgrading, confirm the fix by verifying that unauthenticated users can no longer access the agent list through a web browser.
Upgrade Wazuh to version 4.9.1 or later. This update fixes the privilege escalation vulnerability that allows unauthorized viewing of the agent list in the dashboard. There are no known workarounds, so upgrading is the only way to mitigate this risk.
CVE-2024-47770 is a vulnerability in Wazuh Dashboard that allows unauthenticated users to view the agent list, potentially exposing sensitive information.
You are affected if you are using Wazuh Dashboard versions prior to 4.9.1+incompatible. Check your version and upgrade immediately.
Upgrade Wazuh Dashboard to version 4.9.1+incompatible or later. As a temporary workaround, restrict access to the agent list.
There is currently no evidence of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits.
Refer to the Wazuh security advisories page for the latest information and official guidance: [https://www.wazuh.com/security-advisories/](https://www.wazuh.com/security-advisories/)