OSSEC HIDS Agent for Windows Improper Input Validation Vulnerability Allowing UNC Path Manipulation and Credential Leakage

Vulnerability

A vulnerability exists in the OSSEC HIDS agent for Windows, in versions prior to 3.8.0, due to improper input validation. This flaw allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. Consequently, this manipulation leads to the leakage of the machine account's NetNTLMv2 hash. This hash can be relayed to execute remote code or used to escalate privileges to SYSTEM by forging AD CS certificates, among other similar attacks.

Impact

Exploitation of this vulnerability results in the unauthorized disclosure of the NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM through Active Directory Certificate Services certificate forging and related attacks.

Added: Jun 11, 2025, 5:11 AM

Updated: Jun 11, 2025, 5:11 AM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OSSEC HIDS Agent for Windows Improper Input Validation Vulnerability Allowing UNC Path Manipulation and Credential Leakage

Vulnerability

Impact

Affected Products

OSSEC HIDS agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating