CVE-2024-46480
Published: 13 January 2025
Description
Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls.
Security Summary
CVE-2024-46480 is an NTLM hash leak vulnerability in Venki Supravizio BPM versions up to 18.0.1. Published on January 13, 2025, it carries a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-522 (Insufficiently Protected Credentials). The flaw enables exposure of NTLM hashes within this business process management software.
An authenticated attacker with Application Administrator access can exploit the vulnerability over an adjacent network with low complexity. Successful exploitation allows privilege escalation on the underlying host system. Because the scope is changed, the impact extends beyond the application itself, and confidentiality, integrity, and availability impacts are all rated high.
Advisories and further details are available in the researcher's disclosure at https://github.com/Lorenzo-de-Sa/Vulnerability-Research/blob/main/CVE-2024-46480.md and on the vendor's Supravizio page at https://www.venki.com.br/ferramenta-bpm/supravizio/.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authenticated NTLM hash leak in Supravizio BPM exploited for credential access (T1212), enabling Pass the Hash (T1550.002) and overall privilege escalation to RCE on the host (T1068).