← Zuruck zu CVEs
CVE-2024-53356
CRITICAL9.8
Beschreibung
Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/31/2025
Zuletzt geandert5/23/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
easyvirt:co2scopeeasyvirt:dcscope
Schwachen (CWE)
CWE-798
Referenzen
https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53356.md(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.