CVE-2022-47508

Disable NTLM: SAM 2022.4

CVSS 7.5 HIGHEPSS 0.8%CWE-287

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 fev 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

SolarWinds · Server & Application Monitor (SAM)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508