Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities
Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Wazuh 安全漏洞
Vulnerability Description
Wazuh是Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.13.0之前版本存在安全漏洞,该漏洞源于认证攻击者可通过恶意UNC路径强制NTLM身份验证,可能导致NTLM中继攻击,进而导致权限提升和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A