1. Home
  2. CVE Database
  3. CVE-2024-53356
CRITICAL · 9.8

CVE-2024-53356

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardco...

Vulnerability Description

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
EasyvirtCo2Scope<= 1.3.0
EasyvirtDcscope<= 8.6.0

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2024-53356?

CVE-2024-53356 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardco...

How severe is CVE-2024-53356?

CVE-2024-53356 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-53356?

Check the references section above for vendor advisories and patch information. Affected products include: Easyvirt Co2Scope, Easyvirt Dcscope.