ET EXPLOIT NTLM Hash Disclosure via InternetShortcut File Inbound with UNC Path Inbound (CVE-2024-43451)

SID: 2062313
Rev: 1
Source: et/open
Created: May 13, 2025
Updated: May 13, 2025
Classification: attempted-user
alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT NTLM Hash Disclosure via InternetShortcut File Inbound with UNC Path Inbound (CVE-2024-43451)"; flow:established,to_client; file.data; content:"|5b|InternetShortcut"; fast_pattern; pcre:"/^(?:\x2e[AW])\x5d/R"; content:"|3d 5c 5c 5c 5c|"; reference:url,research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/; reference:cve,2024-43451; classtype:attempted-user; sid:2062313; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_05_13, cve CVE_2024_43451, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2025_05_13; target:dest_ip;)

Metadata

attack target: Client_Endpoint
created at: 2025_05_13
deployment: Internal
performance impact: Low
confidence: High
signature severity: Major
tag: CISA_KEV
updated at: 2025_05_13
