Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability - CVE-2022-37966ID: oval:org.secpod.oval:def:85427 | Date: (C)2022-11-09 (M)2023-09-20 |
Class: VULNERABILITY | Family: windows |
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |