IM
IronMonkey Threat Research

CVE-2024-37370 HIGH

Published: 2024-06-28 | Last Modified: 2026-05-12 | Status: Modified

Description

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Additional Descriptions (1)

En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicación.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-345

Affected Products

Vendor Product Version Update Type
mit kerberos_5 * <built-in method update of dict object at 0x702b83f2c780> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Notification
Message here