CVE-2024-53355

8.8 HIGH

📋 TL;DR

This CVE describes multiple incorrect access control vulnerabilities in EasyVirt DCScope and CO2Scope management software. Remote authenticated attackers with low privileges can perform administrative actions like creating admin users, modifying groups, and managing roles. All organizations running affected versions of these products are vulnerable.

💻 Affected Systems

Products:
  • EasyVirt DCScope
  • EasyVirt CO2Scope
Versions: DCScope <= 8.6.0, CO2Scope <= 1.3.0
Operating Systems: Not specified, likely various
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected versions are vulnerable. Exploitation requires authenticated access, but only minimal privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control over the system, allowing them to create persistent backdoors, exfiltrate sensitive data, disrupt operations, and potentially pivot to other systems.

🟠 Likely Case

Attackers elevate privileges to gain administrative access, modify user accounts and permissions, and potentially access sensitive management data.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the management system itself without lateral movement.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can exploit these vulnerabilities remotely after obtaining any valid credentials.
🏢 Internal Only: HIGH - Even internally, any authenticated user can escalate privileges and compromise the management system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward via API calls. Attackers need only low-privilege credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DCScope > 8.6.0, CO2Scope > 1.3.0

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Check the current version.
2. Upgrade to the latest version beyond the affected ranges.
3. Verify that the API endpoints now enforce proper authorization checks.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to management interfaces to only trusted administrative networks.

API Endpoint Blocking (applies to: all)

Use a WAF or reverse proxy to block unauthorized access to the vulnerable API endpoints.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate management interfaces
  • Enforce principle of least privilege for all user accounts and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check version numbers in the system settings or via the version API endpoints. If DCScope <= 8.6.0 or CO2Scope <= 1.3.0, the system is vulnerable.

Check Version:

Check the system administration interface or consult the product documentation for the version-checking method.

Verify Fix Applied:

After upgrade, test API endpoints with low-privilege accounts to ensure they now return authorization errors instead of allowing administrative actions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API calls to user/group/role management endpoints from non-admin accounts
  • Multiple failed authorization attempts followed by successful administrative actions

Network Indicators:

  • POST/PUT requests to /api/user/* endpoints from unexpected source IPs
  • Pattern of API calls that follow privilege escalation sequence

SIEM Query:

source="easyvirt" AND (uri_path="/api/user/addalias" OR uri_path="/api/user/updatealias" OR uri_path="/api/user/delalias" OR uri_path="/api/user/adduser" OR uri_path="/api/user/updateuser" OR uri_path="/api/user/deluser" OR uri_path="/api/user/addrole" OR uri_path="/api/user/updaterole" OR uri_path="/api/user/delrole") AND user_role!="admin"
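The same detection logic as the SIEM query above, run offline over sample access-log lines, as an added example that is not part of the original advisory or the vendor's tooling. The key=value log format and the sample lines are constructed for illustration; the endpoint list is the one named in the query. Successful (2xx) calls to a management endpoint by a non-admin role are the exploitation signal; 403 responses show the authorization check working and are reported separately.

```python
import re
from collections import Counter

# Management endpoints from the SIEM query in the advisory.
SENSITIVE_PATHS = {
    "/api/user/addalias", "/api/user/updatealias", "/api/user/delalias",
    "/api/user/adduser", "/api/user/updateuser", "/api/user/deluser",
    "/api/user/addrole", "/api/user/updaterole", "/api/user/delrole",
}

# Constructed sample log lines in a hypothetical key=value format
# (not the vendor's real log format).
SAMPLE_LOG = """\
ts=2024-11-20T10:01:02Z source=easyvirt method=POST uri_path=/api/user/adduser user=alice user_role=admin status=200
ts=2024-11-20T10:02:15Z source=easyvirt method=GET uri_path=/api/dashboard user=bob user_role=user status=200
ts=2024-11-20T10:02:40Z source=easyvirt method=POST uri_path=/api/user/adduser user=bob user_role=user status=200
ts=2024-11-20T10:02:41Z source=easyvirt method=POST uri_path=/api/user/addrole user=bob user_role=user status=200
ts=2024-11-20T10:05:00Z source=easyvirt method=POST uri_path=/api/user/deluser user=carol user_role=user status=403
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def find_escalation_events(log_text):
    """Split non-admin calls to management endpoints into succeeded / denied.

    succeeded: 2xx responses, i.e. the access-control bypass actually worked.
    denied:    any other status (e.g. 403), the patched behaviour.
    """
    succeeded, denied = [], []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("uri_path") not in SENSITIVE_PATHS or ev.get("user_role") == "admin":
            continue
        status = int(ev.get("status", 0))
        (succeeded if 200 <= status < 300 else denied).append(ev)
    return succeeded, denied


def suspicious_users(succeeded):
    """Count successful privilege-escalation calls per non-admin account."""
    return Counter(ev["user"] for ev in succeeded)
```

Feed real access logs through parse_line after adapting the regex to the actual field names your proxy or SIEM emits.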

🔗 References
