cbcvebase.
CVE-2024-28000
published 2024-08-21


Priority: P189 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 67.92% (99.2th percentile)
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache (litespeed-cache). This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
litespeed_technologies | litespeed_cache | <= 6.3.0.1 | (not listed)
litespeedtech | litespeed_cache | >= 1.9, < 6.4 | 6.4

Detection & IOCs (extracted from sources)

Indicators:
  • cookie: litespeed_hash
  • cookie: litespeed_role

Detection and exploitation notes:
  • Detect brute-force attempts against the LiteSpeed Cache user simulation feature by monitoring for high-frequency requests carrying the 'litespeed_hash' and 'litespeed_role' cookies, particularly cycling through up to 1 million hash values.
  • Alert on installation of new/unknown plugins by newly created administrator accounts on WordPress sites running LiteSpeed Cache <= 6.3.0.1, as this is a primary post-exploitation action.
  • Check Point IPS signature available for this threat: 'WordPress LiteSpeed Cache Plugin Privilege Escalation (CVE-2024-28000)'.
  • Exploitation requires the LiteSpeed Cache crawler's role simulation feature to be enabled, and the attacker must know or guess a valid Administrator-level user ID (user ID 1 succeeds on many default WordPress installations).

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck | (not listed) | 9.8 | CRITICAL | (not listed)