Wazuh is an "Open Source Security Platform" that provides agent-based security monitoring for Unix and Windows clients.
This vulnerability affects the Active Response feature that can automatically trigger actions in response to alerts.
The specific vulnerability is in the handling of IP address arguments.
The problem results from the lack of proper validation of JSON messages.
An attacker could exploit this vulnerability to run code in the context of root to escalate privileges or to pivot from the management server to client systems.
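The missing check, as an added example (not Wazuh's code and not taken from the advisory): the IP address from a JSON message is accepted only if it parses as a bare IPv4/IPv6 literal, and it is handed on as a single argv element rather than through a shell. The field path `parameters.alert.data.srcip`, the `block-ip` command and the sample messages are assumptions made for illustration.

```python
import ipaddress
import json

# Assumed field path for the IP address inside the message (illustrative).
IP_PATH = ("parameters", "alert", "data", "srcip")
# Hypothetical blocking command; not a real Wazuh binary.
BLOCK_CMD = "/usr/local/bin/block-ip"


class InvalidMessage(ValueError):
    """The message must not be acted on."""


def extract_ip(raw):
    """Return the canonical IP address from a JSON message, or raise."""
    try:
        node = json.loads(raw)
    except (TypeError, ValueError) as exc:
        raise InvalidMessage("not valid JSON") from exc
    for key in IP_PATH:
        if not isinstance(node, dict) or key not in node:
            raise InvalidMessage("missing field: " + key)
        node = node[key]
    if not isinstance(node, str):
        raise InvalidMessage("IP field is not a string")
    try:
        # Accepts only a bare literal: no whitespace, port or trailing text.
        addr = ipaddress.ip_address(node)
    except ValueError as exc:
        raise InvalidMessage("IP field is not an IP address") from exc
    # IPv6 zone IDs ("fe80::1%...") may carry arbitrary characters: reject.
    if getattr(addr, "scope_id", None) is not None:
        raise InvalidMessage("scoped IPv6 addresses are not accepted")
    return addr.compressed


def build_argv(raw):
    """Build an argument vector for subprocess.run(argv) with no shell."""
    return [BLOCK_CMD, "--add", extract_ip(raw)]


def is_accepted(raw):
    """True if the message yields a usable argv, False if it is rejected."""
    try:
        build_argv(raw)
        return True
    except InvalidMessage:
        return False


def sample(ip_value):
    """Constructed sample message carrying ip_value in the assumed field."""
    return json.dumps({"parameters": {"alert": {"data": {"srcip": ip_value}}}})
```

Rejecting the IPv6 zone ID matters because `ipaddress` on Python 3.9 and later accepts `%zone` suffixes, so a successful parse alone does not guarantee a value made only of address characters.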
Author: Konstantin
- Wazuh
- CVE-2023-50260 ‒ Command Injection via Active Responses
- CVE-2024-32038 ‒ Heap-based Buffer Overflow in Event Decoder: Wazuh is an "Open Source Security Platform" that provides agent-based security monitoring for Unix and Windows clients. This vulnerability is a heap-based buffer overflow in the event decoder of the "Analysis Engine", a component of the management server. It could allow unauthenticated attackers to execute arbitrary commands on the Wazuh management server.