SB2024022050 - Multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP)

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Authentication bypass by capture-replay (CVE-ID: CVE-2024-22245)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to arbitrary authentication relay issue. A remote attacker trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-22250)

The vulnerability allows a local user to hijack victim's session.

The vulnerability exists due to the way EAP initiates and handles sessions with the AD. A local user can hijack a privileged EAP session when initiated by a privileged domain user on the same system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://www.vmware.com/security/advisories/VMSA-2024-0003.html
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24257