Multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP)
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-22245 CVE-2024-22250 |
| CWE-ID | CWE-294 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Enhanced Authentication Plug-in (EAP) Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Authentication bypass by capture-replay
EUVDB-ID: #VU86653
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-22245
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to arbitrary authentication relay issue. A remote attacker trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
MitigationThis plugin is no longer supported and will not receive any security updates. It is recommended to remove it from your systems.
Vulnerable software versionsEnhanced Authentication Plug-in (EAP): All versions
CPE2.3 External linkshttps://www.vmware.com/security/advisories/VMSA-2024-0003.html
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24257
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU86654
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-22250
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to hijack victim's session.
The vulnerability exists due to the way EAP initiates and handles sessions with the AD. A local user can hijack a privileged EAP session when initiated by a privileged domain user on the same system. MitigationThis plugin is no longer supported and will not receive any security updates. It is recommended to remove it from your systems.
Enhanced Authentication Plug-in (EAP): All versions
CPE2.3 External linkshttps://www.vmware.com/security/advisories/VMSA-2024-0003.html
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24257
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
