{ "cve_id": "CVE-2024-43451", "description": "CVE-2024-43451 is an NTLM hash spoofing vulnerability in Microsoft Windows. It allows attackers to steal a user's NTLMv2 hash with minimal user interaction.", "cvss_score_v3": 6.5, "cvss_vector_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "cvss_score_v4": null, "severity": "Important", "published_date": "2024-11-12", "last_updated_date": "2024-11-14", "affected_products": [ "Microsoft Windows" ], "exploitability": "Minimal user interaction required", "impact": "Allows attackers to steal NTLMv2 hash, enabling pass-the-hash attacks", "mitigation": "Apply the latest security updates from Microsoft", "epss_score": 0.85, "vex_status": "Exploitation More Likely", "exploit_likelihood": { "score": 0.85, "color_code": "red" }, "under_exploitation": true, "associated_threat_actors": [ "UAC-0194" ], "iocs": [ { "type": "file", "indicator": "humeniuk_liubov_stanislavivna.zip", "md5": "948fe6bc00c9d95e22557718d69c92ca", "sha1": "e4f894e9a4d33f5202db5a10bcd0b54348ea13f8", "sha256": "07b417ffa08f12201eceba3688690bd5c947f657be00e3c883f6ec342ec5c344" }, { "type": "ip", "indicator": "92.42.96.30" } ], "entities_targeted": [ "Ukrainian academic institutions" ], "associated_nations": [ "Russia" ], "targeted_nations": [ "Ukraine" ], "associated_malware": [ "SparkRAT", "Redline Stealer" ], "connected_vulnerabilities": [ "CVE-2024-49039", "CVE-2024-49019", "CVE-2024-49040", "CVE-2024-43639" ], "references": [ { "title": "Microsoft Security Response Center", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-43451" }, { "title": "Kaspersky Blog", "url": "https://www.kaspersky.com/blog/2024-november-patch-tuesday/52604/" }, { "title": "ClearSky Cyber Security", "url": "https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/" } ] }