Windows Kerberos Elevation of Privilege Vulnerability - CVE-2022-33679ID: oval:org.secpod.oval:def:83826 | Date: (C)2022-09-14 (M)2023-12-26 |
Class: VULNERABILITY | Family: windows |
Windows Kerberos Elevation of Privilege Vulnerability. An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |