Published: February 22, 2024

Overview

CVE-2024-22245 (CVSS Base Score: 9.6) includes Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP).

Impact

EAP could allow a malicious actor to trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs) resulting in bypassing authentication mechanisms and hijacking user sessions. 

Applicable Versions

Affected VersionNot Affected Version
Any Enhanced Authentication Plug-inNil

Mitigations and Workarounds

The EAP is composed of two components namely In-browser plugin/client, “VMware Enhanced Authentication Plug-in 6.7.0” and ​​​​​​Windows service, “VMware Plug-in Service”. To mitigate the vulnerabilities, administrators must remove the EAP plugin and the service. VMware has published the instructions in KB96442 to address CVE-2024-22245.

Best Practices

EAP was deprecated in 2021. Remove the unsupported or deprecated products from your environment. 

Netsurion Detection and Response

Netsurion’s vulnerability management system is collaborating with the vendors to update the vulnerability scanners to detect for customers who have subscribed to Netsurion Vulnerability Management. 

References:

Cybersecurity Updates
Latest Advisory Alerts

Palo Alto PAN-OS Command Injection Vulnerability

D-Link NAS Command Injection Vulnerability

VMware ESXi, Workstation, and Fusion Vulnerabilities

Latest Data Source Integrations

AWS Key Management Service (KMS)

Have I Been Pwned

SentinelOne

Latest Enhancements

Netsurion Open XDR Now Supports PCI DSS 4.0

Extended Data Source Integrations and Alerts Released for Essentials

Enriched Application Control in Open XDR 9.4