Unisys WebPerfect Image Suite NTLMv2 Hash Leakage Vulnerability via .NET Remoting

Vulnerability

A vulnerability in Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes. This is achieved by exploiting a deprecated .NET Remoting TCP channel, where attackers can supply a Windows UNC path as a target file argument. The object-unmarshalling techniques used in this process enable the interception of NTLMv2 hashes, which can then be relayed to other hosts for privilege escalation or lateral movement, depending on the network configuration and patch level.

Impact

Successful exploitation of this vulnerability leads to the unauthorized leakage of NTLMv2 machine-account hashes, which can be captured and relayed to other hosts to achieve privilege escalation or lateral movement, based on the network environment and applied patches.

Added: Apr 15, 2026, 12:19 AM

Updated: Apr 15, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Unisys WebPerfect Image Suite NTLMv2 Hash Leakage Vulnerability via .NET Remoting

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating