Vulnerability Description
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | i Access Client Solutions | >= 1.1.2, <= 1.1.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2024/Feb/7 (Mailing List, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/279091 (VDB Entry)
- https://www.ibm.com/support/pages/node/7116091 (Vendor Advisory)
FAQ
What is CVE-2024-22318?
CVE-2024-22318 is a vulnerability with a CVSS score of 5.1 (MEDIUM). IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configu...
How severe is CVE-2024-22318?
CVE-2024-22318 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-22318?
Check the references section above for vendor advisories and patch information. Affected products include: IBM i Access Client Solutions.