Main Vulnerability Database Vulnerabilities #VU86654

Permissions, Privileges, and Access Controls in Enhanced Authentication Plug-in (EAP) - CVE-2024-22250

Published: February 20, 2024 / Updated: September 4, 2024

Vulnerability identifier: #VU86654

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-22250

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
Enhanced Authentication Plug-in (EAP)

Detailed vulnerability description

The vulnerability allows a local user to hijack victim's session.

The vulnerability exists due to the way EAP initiates and handles sessions with the AD. A local user can hijack a privileged EAP session when initiated by a privileged domain user on the same system.

How to mitigate CVE-2024-22250

This plugin is no longer supported and will not receive any security updates. It is recommended to remove it from your systems.

Permissions, Privileges, and Access Controls in Enhanced Authentication Plug-in (EAP) - CVE-2024-22250

Detailed vulnerability description

How to mitigate CVE-2024-22250

Sources

Please verify you're human