PT-2022-5460 · Microsoft · Windows Kerberos

Published 2022-11-08 · Updated 2025-08-08 · CVE-2022-37967

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Windows Kerberos (affected versions not specified)
Description: The issue lies in the Windows implementation of the Kerberos protocol and concerns an access-control weakness in how the KDC validates the Privilege Attribute Certificate (PAC). Successful exploitation lets a remote, authenticated attacker elevate privileges. The vulnerability is associated with Kerberos constrained delegation (S4U2Proxy), in which a valid Kerberos service ticket, PAC included, is presented to the KDC as evidence that the user authenticated. The PAC's SID list, which carries the user's group memberships, is protected by a server checksum keyed with the service's key, and that checksum is in turn covered by a KDC checksum keyed with the krbtgt key. Because the krbtgt key signs only the server checksum and not the PAC body itself, it is feasible to brute force a new PAC, one that adds a privileged group to the SID list, whose server checksum matches the value the krbtgt key has already signed; the KDC then accepts the modified PAC as genuine.
Recommendations: Fixes are available. Microsoft addressed CVE-2022-37967 in the security updates of 2022-11-08 and documents the staged enforcement of the new PAC signatures (the KrbtgtFullPacSignature registry value on domain controllers) in KB5020805; Samba, whose AD DC implements the same PAC checks, fixed the issue in 4.17.4, 4.16.8 and 4.15.13, and the distribution advisories listed under Related Identifiers carry those fixes. Install the updates on every domain controller and move through the enforcement phases rather than leaving the compatibility setting in place.
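The signing chain described above, as an added Python model (not code from this page, from Microsoft or from Samba): a PAC body carries a server checksum keyed with the service's key, and the legacy KDC checksum covers only that server checksum, so an attacker who runs the service and can find a modified PAC with the same server checksum inherits the krbtgt signature. A krbtgt-keyed checksum over the whole PAC body, the kind of signature the fix introduces, rejects the same forgery. Everything here is constructed: the keys, the user and SIDs, the PAC layout, HMAC-SHA256 in place of the Kerberos checksum types, and a server checksum truncated to 16 bits so that the search finishes quickly; that truncation is a modelling assumption standing in for whatever makes the brute force feasible, and the structure of the signatures is the point.

```python
import hashlib
import hmac

# Constructed keys. The attacker controls a service account, so it knows
# SERVICE_KEY; KRBTGT_KEY exists only on the domain controller.
SERVICE_KEY = b"constructed-service-account-key"
KRBTGT_KEY = b"constructed-krbtgt-key"

# Modelling assumption: the server checksum is truncated to 16 bits so the
# search below finishes in well under a second. Real Kerberos checksums are
# far longer; the signing structure, not the checksum length, is what is shown.
SERVER_CS_LEN = 2    # bytes
KDC_CS_LEN = 16      # bytes


def encode_pac(user: str, sids: list, filler: int) -> bytes:
    """Toy PAC body: user name, group SID list, and a 4-byte field the forger varies."""
    return b"|".join([user.encode(), ",".join(sids).encode(), filler.to_bytes(4, "big")])


def server_checksum(pac_body: bytes, service_key: bytes) -> bytes:
    """Checksum keyed with the target service's key (truncated per the assumption above)."""
    return hmac.new(service_key, pac_body, hashlib.sha256).digest()[:SERVER_CS_LEN]


def kdc_checksum_legacy(server_cs: bytes) -> bytes:
    """Legacy KDC checksum: the krbtgt key signs only the server checksum bytes."""
    return hmac.new(KRBTGT_KEY, server_cs, hashlib.sha256).digest()[:KDC_CS_LEN]


def full_pac_checksum(pac_body: bytes) -> bytes:
    """Hardened variant: the krbtgt key signs the whole PAC body."""
    return hmac.new(KRBTGT_KEY, pac_body, hashlib.sha256).digest()[:KDC_CS_LEN]


def issue_ticket(user: str, sids: list, with_full_signature: bool = False) -> dict:
    """KDC side: build a service ticket (PAC body plus signatures) for the service."""
    body = encode_pac(user, sids, 0)
    scs = server_checksum(body, SERVICE_KEY)
    ticket = {"body": body, "server_cs": scs, "kdc_cs": kdc_checksum_legacy(scs)}
    if with_full_signature:
        ticket["full_cs"] = full_pac_checksum(body)
    return ticket


def kdc_accepts_s4u2proxy(ticket: dict, require_full_signature: bool = False) -> bool:
    """KDC side: validate the evidence ticket presented in an S4U2Proxy request."""
    body = ticket["body"]
    # The KDC holds every service key, so it recomputes the server checksum itself.
    if not hmac.compare_digest(server_checksum(body, SERVICE_KEY), ticket["server_cs"]):
        return False
    # The krbtgt checksum proves the KDC once signed this server checksum value.
    if not hmac.compare_digest(kdc_checksum_legacy(ticket["server_cs"]), ticket["kdc_cs"]):
        return False
    # Hardened check: the krbtgt key must also cover the body the KDC is looking at.
    if require_full_signature:
        if not hmac.compare_digest(full_pac_checksum(body), ticket.get("full_cs", b"")):
            return False
    return True


def forge_privileged_pac(ticket: dict, privileged_sid: str = "S-1-5-21-0-0-0-512",
                         max_tries: int = 1 << 20):
    """Attacker side (knows SERVICE_KEY only): search for a PAC body that adds
    privileged_sid yet yields the server checksum the KDC has already signed."""
    user, sid_blob, _ = ticket["body"].split(b"|", 2)
    sids = sid_blob.decode().split(",") + [privileged_sid]
    target = ticket["server_cs"]
    for filler in range(max_tries):
        body = encode_pac(user.decode(), sids, filler)
        if server_checksum(body, SERVICE_KEY) == target:
            forged = dict(ticket)          # keeps the genuine krbtgt-signed values
            forged["body"] = body
            return forged
    return None


def demo() -> tuple:
    """Returns (legacy_chain_accepts_forgery, full_signature_accepts_forgery)."""
    sids = ["S-1-5-21-0-0-0-513"]          # constructed: Domain Users, RID 513
    legacy = issue_ticket("alice", sids)
    forged = forge_privileged_pac(legacy)
    legacy_result = forged is not None and kdc_accepts_s4u2proxy(forged)

    hardened = issue_ticket("alice", sids, with_full_signature=True)
    forged_hardened = forge_privileged_pac(hardened)
    hardened_result = forged_hardened is not None and kdc_accepts_s4u2proxy(
        forged_hardened, require_full_signature=True)
    return legacy_result, hardened_result


if __name__ == "__main__":
    legacy_ok, hardened_ok = demo()
    print("legacy chain accepts forged PAC:   ", legacy_ok)
    print("full PAC signature accepts forgery:", hardened_ok)
```

The forged ticket reuses the genuine server and KDC checksums unchanged; only the body differs, which is exactly the situation the legacy chain cannot detect because the krbtgt key never saw the body. The full signature fails the moment the body changes, regardless of how cheap collisions in the server checksum are.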
Related Identifiers

ALT-PU-2022-3352
ALT-PU-2023-1371
ALT-PU-2024-1159
ALT-PU-2024-14683
ALT-PU-2024-6715
AZL-43570
AZL-45345
BDU:2022-06787
CVE-2022-37967
ECHO-AE63-2A9F-A927
MGASA-2023-0010
OPENSUSE-SU-2023_0160-1
OPENSUSE-SU-2024:12587-1
SUSE-SU-2023:0014-1
SUSE-SU-2023:0160-1
USN-5822-1
USN-5822-2
USN-5936-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Red Os
Samba
Suse
Ubuntu
Windows
Windows Kerberos