CVE-2024-55557
📋 TL;DR
CVE-2024-55557 is a critical vulnerability in Weasis 4.5.1 where proxy credentials are encrypted using a hardcoded symmetric key. This allows attackers to decrypt stored proxy passwords and potentially gain unauthorized access to network resources. All users of Weasis 4.5.1 who have configured proxy authentication are affected.
💻 Affected Systems
- Weasis
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers decrypt stored proxy credentials, use them to pivot through network proxies, access internal systems, and potentially compromise sensitive medical imaging data.
Likely Case
Attackers with access to configuration files or memory dumps extract and decrypt proxy credentials, gaining unauthorized proxy access to external/internal resources.
If Mitigated
With proper network segmentation and proxy authentication monitoring, impact is limited to credential exposure without lateral movement opportunities.
🎯 Exploit Status
Exploitation requires access to configuration files or memory where encrypted credentials are stored. Public proof-of-concept demonstrates credential extraction and decryption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Weasis 4.5.2 or later
Vendor Advisory: https://github.com/nroduit/Weasis/releases/tag/v4.5.1
Restart Required: Yes
Instructions:
1. Download Weasis 4.5.2 or later from official repository.
2. Stop Weasis application.
3. Install updated version.
4. Restart Weasis.
5. Reconfigure proxy settings if needed.
🔧 Temporary Workarounds
Remove Proxy Authentication
(all platforms) Temporarily disable proxy authentication in Weasis configuration
Edit weasis.properties or configuration file, remove proxy.username and proxy.password entries
Use System Proxy Settings
(all platforms) Configure Weasis to use system-wide proxy settings instead of internal configuration
Set weasis.proxy.useSystem=true in configuration
🧯 If You Can't Patch
- Isolate Weasis instances on a segmented network with strict outbound proxy controls
- Implement credential rotation for proxy accounts and monitor for unauthorized access
🔍 How to Verify
Check if Vulnerable:
Check the Weasis version via Help → About. If the version is 4.5.1 and proxy authentication is configured, the system is vulnerable.
Check Version:
java -jar weasis-launcher.jar --version or check Help → About in GUI
Verify Fix Applied:
After update, verify version is 4.5.2 or later and check that proxy credentials are no longer stored with hardcoded encryption.
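The check described above as a script, added here as an example and not taken from Weasis or from this page's source: it parses a Java-style properties file and applies the page's rule (version 4.5.1 plus stored proxy credentials). The key names are the ones cited in the workaround; the standard `.properties` layout and the sample content are assumptions.

```python
# Added example: audit a Weasis properties file for stored proxy credentials.
# Key names are the ones this page cites; the sample file below is constructed.
import re

CREDENTIAL_KEYS = ("proxy.username", "proxy.password")  # from the workaround text
VULNERABLE_VERSION = "4.5.1"                            # from the page

SAMPLE = """\
# constructed sample, not a real Weasis configuration
weasis.proxy.useSystem=false
proxy.username : svc-imaging
proxy.password = PLACEHOLDER_\\
    CIPHERTEXT
"""


def parse_properties(text):
    """Parse .properties text: comments, '=' / ':' / space separators, continuations."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:   # sentinel flushes a dangling continuation
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes means the logical line continues.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(version, text):
    """Return (exposed, keys_found): the page's rule is 4.5.1 + stored proxy credentials."""
    props = parse_properties(text)
    found = [k for k in CREDENTIAL_KEYS if props.get(k, "").strip()]
    return (version.strip() == VULNERABLE_VERSION and bool(found)), found


if __name__ == "__main__":
    print(audit("4.5.1", SAMPLE))
```

Pass `audit` the version shown in Help → About and the content of the configuration file in use; commented-out entries are not counted as stored credentials.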
📡 Detection & Monitoring
Log Indicators:
- Unusual proxy authentication attempts from Weasis instances
- Multiple failed proxy connections followed by successful access
Network Indicators:
- Proxy traffic from unexpected Weasis instances
- Anomalous outbound connections through proxy
SIEM Query:
source="weasis.log" AND ("proxy.auth" OR "proxy.connection")