Man-in-the-Middle (MitM) attack in Microsoft Endpoint Configuration Manager - CVE-2022-37972
Published: September 20, 2022
Vulnerability identifier: #VU67518
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-37972
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Endpoint Configuration Manager
Microsoft Endpoint Configuration Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way Microsoft Endpoint Configuration Manager handles Kerberos authentication failures. The application attempts to use NTLM to authenticate even if disabled by the "Allow connection fallback to NTLM" option. A remote attacker can perform spoofing attack and extract victims credentials via NTLM connection.
How to mitigate CVE-2022-37972
Install updates from vendor's website.