CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-22250

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00109/1

CVE-2024-22250: Session Hijack vulnerability in VMware Enhanced Authentication Plug-in. A malicious local user can hijack a privileged session. This vulnerability, though having a CVSS score of 0, poses a risk if exploited.

CVE-2024-22250 allows a local attacker with unprivileged access on a Windows system to hijack a privileged EAP session initiated by a domain user. The VMware Enhanced Authentication Plug-in is the affected component. SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk; while not critical, monitoring is advised. The risk involves unauthorized access to sensitive data and system compromise. This vulnerability is significant because it allows lateral movement within a network from a low-privilege account. Given the CWE-384 (Session Fixation), proper session management is crucial to mitigate risks.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-02-20
LAST MODIFIED2024-08-01
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-22250 is a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. It allows a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system. The SVRS for this CVE is 0, indicating a low level of urgency and severity.

Key Insights

  • This vulnerability can be exploited by an attacker with local access to a Windows system.
  • The attacker can hijack a privileged EAP session, allowing them to gain access to sensitive information or perform malicious actions.
  • The vulnerability is not actively exploited in the wild, but it is important to patch affected systems as soon as possible.

Mitigation Strategies

  • Update to the latest version of VMware Enhanced Authentication Plug-in.
  • Disable the Enhanced Authentication Plug-in if it is not required.
  • Implement network segmentation to limit the attacker's ability to access privileged EAP sessions.
  • Monitor for suspicious activity and investigate any unauthorized access attempts.

Additional Information

  • There are no known threat actors or APT groups actively exploiting this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

ISC StormCast for Wednesday, February 21st, 2024
Dr. Johannes B. Ullrich2024-02-21
ISC StormCast for Wednesday, February 21st, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Dynamic Sandbox Detection; Screenconnect Vulns; VMWare EAP; VoltSchemerPython InfoStealer Wtih Dynamic Sandbox Detection https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668 Connectwise Screenconnect Vulnerabilities https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250 https://kb.vmware.com/s/article/96442 Voltage Noise to Manipulate Wireless Chargers
sans.edu
rss
forum
news
No fix KrbRelay VMware style
Ceri Coburn2024-02-21
No fix KrbRelay VMware style | TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The [&#8230;] The post No fix KrbRelay VMware style first appeared on Pen Test Partners.</p
cve-2024-22245
cve-2024-22250
domains
urls

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.vmware.com/security/advisories/VMSA-2024-0003.html

CWE Details

CWE IDCWE NameDescription
CWE-384Session FixationAuthenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence