CVE-2024-1244

CVE-2024-1244

Name

CVE-2024-1244

Description

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
41c37e40-543d-43a2-b660-2fee83ea851a	https://pentraze.com/
41c37e40-543d-43a2-b660-2fee83ea851a	https://pentraze.com/vulnerability-reports/

Type

URI

41c37e40-543d-43a2-b660-2fee83ea851a

https://pentraze.com/

41c37e40-543d-43a2-b660-2fee83ea851a

https://pentraze.com/vulnerability-reports/

CPE URI	Source package	Min version	Max version
	ossec-hids-agent	== 3.8.0	== 3.8.0

CPE URI

Source package

Min version

Max version

ossec-hids-agent

== 3.8.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ossec-hids-agent	edge-community	3.8.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
ossec-hids-agent	edge-community	3.8.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
ossec-hids-agent	edge-community	3.8.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
ossec-hids-agent	3.23-community	3.8.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ossec-hids-agent

edge-community

3.8.0-r2

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

ossec-hids-agent

edge-community