Summary
VMware has released an advisory regarding two vulnerabilities, CVE-2024-22245 (CVSSv3: 9.6) and CVE-2024-22250 (CVSSv3: 7.8), which affect the VMware Enhanced Authentication Plug-in (EAP). They are an arbitrary authentication relay vulnerability and a session hijack vulnerability in the deprecated EAP plug-in. VMware advises users to remove this component from affected environments. VMware credited Ceri Coburn of Pen Test Partners with reporting these vulnerabilities.
Impact Assessment
According to VMware, the attack vector differs between the two vulnerabilities. CVE-2024-22245, the arbitrary authentication relay vulnerability, requires a malicious actor to trick a target domain user who has the affected plug-in installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs). CVE-2024-22250, the session hijack vulnerability, allows a malicious actor with unprivileged local access to a Windows system to hijack a privileged EAP session that a privileged domain user initiated on the same system.
What It Means for You
Check your organization's software inventory for any instances of the VMware EAP software and remove it if present. Because it is deprecated, it will no longer receive updates, it is currently vulnerable, and the vendor advises deleting it.
Remediation
VMware has supplied an article for a complete guide to removing this software to remediate these vulnerabilities. Refer to their KB 96442 for information on how to do so.
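The inventory check described above, as an added example that is not part of the advisory or of VMware's KB 96442: it reads the Uninstall registry keys that Programs and Features uses on a Windows host and reports any entry that looks like the EAP plug-in or its companion service. The display-name patterns are assumptions; confirm them against the component names KB 96442 lists for your version, and perform the actual removal per that KB.

```powershell
# Added example (not from the advisory or VMware): report whether the
# deprecated VMware Enhanced Authentication Plug-in (EAP) is installed.
# Read-only: it only reads the Uninstall registry keys and prints matches.

function Find-VMwareEap {
    # Registry hives that back "Programs and Features" (64-bit, 32-bit, per-user).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # Assumed display-name patterns for the plug-in and its companion service;
    # check them against the names given in VMware KB 96442.
    $eapPatterns = @(
        'VMware Enhanced Authentication Plug-in*',
        'VMware Plug-in Service*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries whose DisplayName matches any assumed pattern.
            $name -and ($eapPatterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            UninstallString, @{ Name = 'RegistryKey'; Expression = { $_.PSPath } }
}

$found = Find-VMwareEap
if ($found) {
    Write-Warning "Deprecated VMware EAP components found on $env:COMPUTERNAME; remove them per VMware KB 96442."
    $found | Format-List
} else {
    Write-Output "No VMware EAP components found on $env:COMPUTERNAME."
}
```

Because the function is self-contained, it can be run across a fleet with Invoke-Command -ComputerName against your host list and the results collected centrally for the inventory.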
Business Implications
Deprecated or EoL software is always at risk of exploitation because it will never receive security updates. If exploited, this vulnerability could damage your organization's reputation, since the software was deprecated in 2021 and was not removed with sufficient expediency. That is in addition to the potential loss of data and the incident response costs that an attacker exploiting the vulnerabilities would cause.
Access Point Technology Recommends
Follow vendor recommendations: Remove the deprecated software per vendor instructions.
Have a plan for EoL or deprecated software: Make sure your organization has a plan for removing or mitigating the risk of deprecated software.
Associated Bulletins
https://www.vmware.com/security/advisories/VMSA-2024-0003.html