CVE-2024-55062

9.8 CRITICAL

📋 TL;DR

This is a critical code injection vulnerability in EasyVirt DCScope and CO2Scope that allows remote unauthenticated attackers to execute arbitrary code via the /api/license/sendlicense/ endpoint. Attackers can gain complete control of affected systems without any authentication. All organizations running vulnerable versions of these products are at risk.

💻 Affected Systems

Products:
  • EasyVirt DCScope
  • EasyVirt CO2Scope
Versions: DCScope <= 8.6.0, CO2Scope <= 1.3.0
Operating Systems: All supported OS platforms for these products
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint is accessible without authentication by default, making all default installations vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.

🟠 Likely Case

Initial foothold for attackers leading to credential harvesting, data exfiltration, and deployment of additional malware payloads.

🟢 If Mitigated

Attack blocked at network perimeter or application firewall, with no successful exploitation despite attempts.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing instances extremely vulnerable to automated attacks.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to attackers who gain initial network access through other means.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specially crafted requests to the /api/license/sendlicense/ endpoint. No authentication is required, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DCScope > 8.6.0, CO2Scope > 1.3.0

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Check current version using product's version command.
2. Contact EasyVirt support for patched versions.
3. Apply updates following vendor's upgrade procedures.
4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

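Use a web application firewall or network controls to block access to the /api/license/sendlicense/ endpoint.

# Example iptables rule (replace [PORT] with the port the product listens on).
# String matching only inspects cleartext traffic; it cannot see the path inside TLS-encrypted requests.
iptables -A INPUT -p tcp --dport [PORT] -m string --string "/api/license/sendlicense/" --algo bm -j DROP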

Network segmentation

all

Isolate affected systems from the internet and restrict access to trusted networks only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the vulnerable endpoint
  • Deploy web application firewall with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the system responds to requests at the /api/license/sendlicense/ endpoint and verify whether the version is within the vulnerable range.

Check Version:

Check product documentation for version command (typically via web interface or configuration files)

Verify Fix Applied:

Test that the /api/license/sendlicense/ endpoint no longer accepts malicious payloads and verify the updated version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /api/license/sendlicense/ endpoint
  • Suspicious process creation or command execution following license API calls
  • No failed authentication attempts accompanying these requests, because the endpoint requires no authentication

Network Indicators:

  • Unusual outbound connections from affected systems
  • Traffic patterns indicating command and control communication
  • Unexpected data exfiltration

SIEM Query:

source="web_logs" AND uri="/api/license/sendlicense/" AND (payload CONTAINS "system" OR payload CONTAINS "exec" OR payload CONTAINS "cmd")
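
The first log indicator above, as an added example (not part of the original advisory and not EasyVirt code): a Python triage script that finds every request to the endpoint in reverse-proxy access logs, normalizing the path so encoded, mixed-case or double-slash variants are counted too. The Apache/nginx "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Endpoint named in the advisory, stored without its trailing slash.
ENDPOINT = "/api/license/sendlicense"

# Assumption: Apache/nginx "combined" access-log format; adapt to your proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop query/fragment, percent-decode, lowercase, collapse slashes."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0]).lower()
    return re.sub(r"/{2,}", "/", path).rstrip("/")

def find_hits(lines):
    """Return one record per request whose normalized path is the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize_path(m["target"]) == ENDPOINT:
            hits.append({k: m[k] for k in ("ip", "ts", "method", "target", "status")})
    return hits

def hits_by_source(hits):
    """Count hits per client IP so the busiest sources are triaged first."""
    return Counter(h["ip"] for h in hits)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2025:10:01:02 +0000] "POST /api/license/sendlicense/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [12/Jan/2025:10:01:09 +0000] "POST /api//license/%73endlicense HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.20 - - [12/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.44 - - [12/Jan/2025:10:03:30 +0000] "POST /API/License/SendLicense/?v=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in hits_by_source(find_hits(SAMPLE)).most_common():
        print(f"{ip}: {count} request(s) to {ENDPOINT}/")
```

Access logs usually do not record request bodies, so this flags every request to the endpoint for review instead of matching payload keywords.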
