CVE-2024-22318

CVSS V2 None CVSS V3 None

Description

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.

Overview

CVE ID
CVE-2024-22318

Assigner
ibm

Vulnerability Status
PUBLISHED

Published Version
2024-02-09T00:26:52.792Z

Last Modified Date
2024-04-03T01:30:57.319Z

Weakness Enumerations

CWE	URL
CWE-384	http://cwe.mitre.org/data/definitions/384.html

References

Reference URL	Reference Tags
https://www.ibm.com/support/pages/node/7116091	vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/279091	vdb-entry
http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html
http://seclists.org/fulldisclosure/2024/Feb/7

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-22318
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22318

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 09:17:14				Added to TrackCVE