CVE-2024-37393
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jun 10, 2024
Updated: Jul 3, 2024
CWE ID 89
CWE ID 319
Summary
CVE-2024-37393 refers to multiple LDAP injection vulnerabilities found in SecurEnvoy Multi-Factor Authentication (MFA) versions prior to 9.4.514. These vulnerabilities arise due to inadequate input validation. An attacker, without authentication, can exploit these flaws to perform blind LDAP injection attacks on the DESKTOP service accessible via the /secserver HTTP endpoint. Successful attacks may lead to the exfiltration of sensitive data from Active Directory, including cleartext passwords for the Local Administrator Password Solution (LAPS) feature.
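The flaw class described in the summary, shown as an added example that is not SecurEnvoy's code and not part of the original advisory: an LDAP search filter built by string concatenation, beside a version that validates the value against an allowlist and escapes it per RFC 4515. The function names, the sAMAccountName filter template, the username policy and the sample input are all assumptions constructed for illustration.

```python
import re

# Hypothetical example: template, names and sample input are constructed,
# not taken from SecurEnvoy.
_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed allowlist policy


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(username: str) -> str:
    """Vulnerable pattern: request data is concatenated straight into the filter."""
    return "(&(objectClass=user)(sAMAccountName=" + username + "))"


def safe_filter(username: str) -> str:
    """Hardened pattern: reject unexpected input, then escape what is accepted."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by allowlist")
    return "(&(objectClass=user)(sAMAccountName=" + escape_filter_value(username) + "))"


def filter_shape(ldap_filter: str) -> tuple:
    """Return (open-parenthesis count, wildcard count) as a cheap structural check."""
    return ldap_filter.count("("), ldap_filter.count("*")


if __name__ == "__main__":
    constructed = "jdoe)(cn=*"  # constructed input containing filter metacharacters
    print(naive_filter("jdoe"), filter_shape(naive_filter("jdoe")))
    print(naive_filter(constructed), filter_shape(naive_filter(constructed)))
    print(escape_filter_value(constructed))
    try:
        safe_filter(constructed)
    except ValueError as exc:
        print("rejected:", exc)
```

A change in the filter's shape between a benign value and a value carrying metacharacters is the sign that input is being interpreted as filter syntax rather than as data.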