Vulnerability Description
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wazuh | Wazuh | < 4.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7ExploitVendor Advisory
- https://pentraze.com/Product
- https://pentraze.com/vulnerability-reports/CVE-2024-1243/ExploitVendor Advisory
- https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7ExploitVendor Advisory
FAQ
What is CVE-2024-1243?
CVE-2024-1243 is a vulnerability with a CVSS score of 7.2 (HIGH). Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC ...
How severe is CVE-2024-1243?
CVE-2024-1243 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1243?
Check the references section above for vendor advisories and patch information. Affected products include: Wazuh Wazuh.