โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2024-22245
CVE-2024-22245 โ€” Arbitrary Authentication Relay and Session Hijack vulnerabilities in the depreca
๐Ÿ“… 2024-02-20
๐Ÿ”ด Critical ๐Ÿ”ฅ No NVD Exploit Microsoft CVSS 9.6 ๐ŸŽฏ EPSS 0.72%

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allowย aย malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

Microsoft Active Directory

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Exploit

๐Ÿ”— CVE ID

CVE-2024-22245

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

NVD

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2024-22245 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†