Main Vulnerability Database Vulnerabilities #VU67518

#VU67518 Man-in-the-Middle (MitM) attack in Microsoft Endpoint Configuration Manager - CVE-2022-37972

Published: September 20, 2022

Vulnerability identifier: #VU67518

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-37972

CWE-ID: CWE-300

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Endpoint Configuration Manager

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way Microsoft Endpoint Configuration Manager handles Kerberos authentication failures. The application attempts to use NTLM to authenticate even if disabled by the "Allow connection fallback to NTLM" option. A remote attacker can perform spoofing attack and extract victims credentials via NTLM connection.

Remediation

Install updates from vendor's website.

#VU67518 Man-in-the-Middle (MitM) attack in Microsoft Endpoint Configuration Manager - CVE-2022-37972

Description

Remediation

External links

Please verify you're human