CVE-2024-22245 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2024-22245?

CVE-2024-22245 is a critical vulnerability with a severity score of 9.6, affecting the deprecated VMware Enhanced Authentication Plug-in (EAP). A malicious actor could exploit this vulnerability to request and relay service tickets for arbitrary Active Directory Service Principal Names (SPNs). To mitigate this risk, users should remove the EAP plugin from their systems.

Who is impacted by CVE-2024-22245?

Users with the VMware Enhanced Authentication Plug-in (EAP) installed in their web browser are impacted by CVE-2024-22245. It is essential for these users to remove the EAP plugin to protect their systems.

What to do if CVE-2024-22245 affected you

If you're affected by the CVE-2024-22245 vulnerability, it's crucial to take action to protect your system. Follow these simple steps to mitigate the risk:

  1. Remove the deprecated VMware Enhanced Authentication Plug-in (EAP) from your web browser by following the guidance in KB96442.

  2. Be aware that there are no workarounds available for this vulnerability.

  3. For additional information, refer to the supplemental FAQ.
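Before removal, it helps to confirm which Windows endpoints still have the plug-in installed. The following check is an added example, not part of the original advisory or of KB96442. The display-name pattern and the function name `Find-InstalledProduct` are assumptions; adjust the pattern to match what your software inventory reports.

```powershell
# Added example: report installed products whose display name matches the plug-in.
# Assumption: the installer registers a DisplayName beginning with the product
# name used on this page; adjust $NamePattern if your inventory shows otherwise.
$NamePattern = 'VMware Enhanced Authentication Plug-in*'

# Per-machine uninstall keys (64-bit and 32-bit views) plus the per-user key.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-InstalledProduct {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string[]]$Path = $UninstallKeys
    )
    # Some uninstall entries have no DisplayName value, so test for it first.
    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like $Pattern } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
                      @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
}

$found = @(Find-InstalledProduct -Pattern $NamePattern)

if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize -Wrap
    Write-Warning "$($found.Count) matching install(s) on $env:COMPUTERNAME; remove per KB96442."
    exit 1   # non-zero exit so a deployment or compliance tool can flag the host
}
Write-Output "No matching install found on $env:COMPUTERNAME."
exit 0
```

The script only reads the registry and changes nothing; run it again after removal to confirm the entry is gone.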

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-22245 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, also known as an Arbitrary Authentication Relay vulnerability, affects the deprecated VMware Enhanced Authentication Plug-in (EAP).

Weakness Enumeration

This vulnerability is classified under CWE-287, which refers to improper authentication, in the deprecated VMware Enhanced Authentication Plug-in (EAP).

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.
