CVE-2024-1244
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: Pentraze
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue in the OSSEC HIDS agent for Windows versions prior to 3.8.0. An attacker who controls the OSSEC server or has the agent's key can configure the agent to connect to a malicious UNC path. This causes the machine account's NetNTLMv2 hash to be leaked, which can then be used for further attacks such as remote code execution or privilege escalation to SYSTEM through techniques like Active Directory Certificate Services (AD CS) certificate forging.
How can this vulnerability impact me? :
The vulnerability can lead to leakage of sensitive authentication hashes (NetNTLMv2), which attackers can relay to execute remote code on the affected machine or escalate privileges to SYSTEM level. This can result in full system compromise, unauthorized access, and control over the affected Windows machine running the OSSEC agent.