CVE-2024-45204

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-863
View all →

Vulnerability Description

A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.

Related Vulnerabilities

CVE-2016-4514

HIGH
CVSS:7.7(High)

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

CWE-8632016

CVE-2020-3467

HIGH
CVSS:7.7(High)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. ...

CWE-8632020

CVE-2021-21484

HIGH
CVSS:7.7(High)

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

CWE-8632021

CVE-2023-23304

HIGH
CVSS:7.7(High)

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious app...

CWE-8632023

CVE-2023-42860

HIGH
CVSS:7.7(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of t...

CWE-8632023

CVE-2024-10975

HIGH
CVSS:7.7(High)

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. Thi...

CWE-8632024