CVE-2024-1243
HIGHWazuh < 4.8.0 - NetNTLMv2 Hash Leak via Malicious UNC Path Configuration
Title source: llmDescription
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.
References (3)
Core 3
Core References
Exploit, Vendor Advisory
https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7
Product
https://pentraze.com/
Exploit, Vendor Advisory
https://pentraze.com/vulnerability-reports/CVE-2024-1243/
Scores
CVSS v3
7.2
EPSS
0.0054
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-73
Status
published
Products (1)
wazuh/wazuh
< 4.8.0
Published
Jun 11, 2025
Tracked Since
Feb 18, 2026