Platform
go
Component
github.com/wazuh/wazuh
Fixed in
4.9.2
4.9.1+incompatible
CVE-2024-47770 is a privilege escalation vulnerability in the Wazuh Dashboard: unauthenticated users can view the agent list, exposing information about the monitored environment. Wazuh Dashboard versions prior to 4.9.1 are affected and the fix ships in 4.9.1. The version is recorded here as 4.9.1+incompatible because github.com/wazuh/wazuh is tracked as a Go module whose go.mod does not declare a /v4 major-version path; the +incompatible suffix is build metadata and does not change the version number being compared.
The primary impact is unauthorized disclosure of Wazuh agent information. An attacker can use it to enumerate agents and their versions, infer the network topology and plan follow-on attacks. The flaw does not by itself yield code execution, but the reconnaissance it provides can be combined with other exploits, and where agents themselves are vulnerable it can facilitate lateral movement. The blast radius is the Wazuh Dashboard and the agents it monitors. The case underlines the need for proper access controls and least privilege within security monitoring systems, which see the whole environment and are attractive targets for exactly that reason.
CVE-2024-47770 was publicly disclosed on 2025-02-04. At the time of writing there is no indication of exploitation in the wild, no publicly available proof-of-concept exploit, and no entry in the CISA KEV catalog, so the probability of exploitation is assessed as low. Note that this reflects observed activity, not difficulty: viewing an endpoint that does not require authentication needs no exploit tooling, so the assessment can change quickly once the issue is widely known.
Exploit Status
EPSS
0.14% (35th percentile)
The recommended mitigation for CVE-2024-47770 is to upgrade Wazuh Dashboard to version 4.9.1 (4.9.1+incompatible in Go module notation) or later without delay. If upgrading is not immediately feasible, reduce exposure with compensating controls outside the dashboard rather than with dashboard settings, because the flaw bypasses the dashboard's own authentication for the agent list: restrict network access to the dashboard to trusted administrator networks or a VPN, or place it behind a reverse proxy that enforces its own authentication. Review the dashboard's role configuration to ensure adherence to the principle of least privilege. After upgrading, confirm the fix by requesting the agent list without a session; the request should be rejected.
Update Wazuh to version 4.9.1 or later. This update fixes the privilege escalation vulnerability that allows unauthorized viewing of the agent list in the dashboard. No vendor-supplied workaround is known, so upgrading is the only way to fully remediate this risk.
CVE-2024-47770 is a vulnerability in Wazuh Dashboard that allows unauthenticated users to view the agent list, potentially exposing sensitive information.
You are affected if you are running Wazuh Dashboard older than 4.9.1 (recorded here as 4.9.1+incompatible). Check your version and upgrade immediately.
Upgrade Wazuh Dashboard to version 4.9.1 or later. As a temporary measure, restrict who can reach the dashboard and therefore its agent list.
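To make the version check concrete, the following is an added example and not code from the Wazuh project or from this page's scanner. It reads go.mod text, finds the pinned github.com/wazuh/wazuh version and decides whether it is older than 4.9.1, discarding the +incompatible build-metadata suffix but treating a pre-release of 4.9.1 (such as 4.9.1-rc1) as still affected, since it predates the fixed release. The go.mod content is constructed for illustration; the function and constant names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// FixedVersion is the first release that contains the fix for CVE-2024-47770.
const FixedVersion = "4.9.1"

// SampleGoMod is a constructed go.mod, not taken from any real project.
const SampleGoMod = `module example.com/monitoring-tools

go 1.22

require (
	github.com/wazuh/wazuh v4.9.0+incompatible // indirect
	golang.org/x/sys v0.20.0
)
`

// version is a parsed MAJOR.MINOR.PATCH with an optional pre-release tag.
type version struct {
	nums [3]int
	pre  string // "rc1" in "v4.9.1-rc1"; empty for a final release
}

// ParseVersion accepts "4.9.1", "v4.9.0+incompatible" and "v4.9.1-rc1+incompatible".
// "+incompatible" is Go's marker for a v2+ module whose go.mod lacks a /vN path;
// like all build metadata it is dropped. The pre-release tag is kept because
// 4.9.1-rc1 sorts before 4.9.1 and therefore predates the fix.
func ParseVersion(s string) (version, error) {
	var v version
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i] // build metadata is never significant for ordering
	}
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.pre, s = s[i+1:], s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad version component %q in %q", p, s)
		}
		v.nums[i] = n
	}
	return v, nil
}

// compare returns -1, 0 or 1 following semver ordering rules.
func compare(a, b version) int {
	for i := range a.nums {
		if a.nums[i] != b.nums[i] {
			if a.nums[i] < b.nums[i] {
				return -1
			}
			return 1
		}
	}
	// A final release (empty pre tag) ranks above any pre-release of the same number.
	if a.pre == "" || b.pre == "" {
		return strings.Compare(b.pre, a.pre)
	}
	return strings.Compare(a.pre, b.pre)
}

// IsAffected reports whether a github.com/wazuh/wazuh version predates FixedVersion.
func IsAffected(s string) (bool, error) {
	got, err := ParseVersion(s)
	if err != nil {
		return false, err
	}
	fixed, _ := ParseVersion(FixedVersion)
	return compare(got, fixed) < 0, nil
}

// FindRequire returns the version pinned for module in go.mod text, or "" when the
// module is not required. Both single-line and block require forms are handled and
// trailing comments such as "// indirect" are ignored.
func FindRequire(gomod, module string) string {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		fields := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(fields) >= 2 && fields[0] == module {
			return fields[1]
		}
	}
	return ""
}

func main() {
	v := FindRequire(SampleGoMod, "github.com/wazuh/wazuh")
	affected, err := IsAffected(v)
	if err != nil {
		fmt.Println("cannot evaluate version:", err)
		return
	}
	fmt.Printf("github.com/wazuh/wazuh %s affected by CVE-2024-47770: %v\n", v, affected)
}
```

The ordering rules matter more than they look: a checker that strips everything after the first non-digit would call 4.9.1-rc1 fixed, and one that compares the raw strings would rank 4.10.0 below 4.9.1. Both mistakes produce a false "not affected" result, which is the expensive direction for a vulnerability scanner.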
There is currently no evidence of active exploitation in the wild, nor are there any publicly available proof-of-concept exploits.
Refer to the Wazuh security advisories page for the latest information and official guidance: [https://www.wazuh.com/security-advisories/](https://www.wazuh.com/security-advisories/)