
CVE-2019-9565 : What You Need to Know

Discover the impact of CVE-2019-9565 affecting Druide Antidote versions 8, 9, and 10. Learn about the vulnerability allowing for NTLM hash extraction and SMB relay attacks, and find mitigation steps.

Druide Antidote RX, HD, versions 8 prior to 8.05.2287, 9 prior to 9.5.3937, and 10 prior to 10.1.2147 contain a vulnerability that remote attackers can use to extract NTLM hashes or conduct SMB relay attacks. It is triggered when the product is launched directly or indirectly through integrations such as Chrome, Firefox, Word, and Outlook. The issue arises because the product tries to access a share using the subdomain name PLUG-INS; an attacker who can register that name through Active Directory Domain Services controls the host the client then authenticates to.

Understanding CVE-2019-9565

This CVE identifies a security vulnerability in Druide Antidote versions 8, 9, and 10 that allows for potential NTLM hash extraction and SMB relay attacks.

What is CVE-2019-9565?

The vulnerability in Druide Antidote versions 8, 9, and 10 enables remote attackers to steal NTLM hashes or execute SMB relay attacks by manipulating the product's access to a share with the subdomain name PLUG-INS.

The Impact of CVE-2019-9565

The exploitation of this vulnerability could lead to unauthorized access to sensitive information, compromising the security and integrity of systems where the affected versions of Druide Antidote are installed.

Technical Details of CVE-2019-9565

Dive into the specifics of this vulnerability.

Vulnerability Description

The vulnerability in Druide Antidote versions 8, 9, and 10 allows remote attackers to steal NTLM hashes or perform SMB relay attacks when the product is launched directly or indirectly through various integrations.

Affected Systems and Versions

        Druide Antidote RX, HD, versions 8 before 8.05.2287
        Druide Antidote RX, HD, versions 9 before 9.5.3937
        Druide Antidote RX, HD, versions 10 before 10.1.2147
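A quick way to turn the version list above into an inventory check. This is an added example, not code from the page or from Druide; it assumes the version string reported by the installed product has the same three-part `major.minor.build` shape as the advisory (`8.05.2287`, `9.5.3937`, `10.1.2147`) and that the leading part identifies the branch. The fixed builds are the page's values; the host inventory is constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

# First fixed build per major branch, as listed in the advisory for CVE-2019-9565.
FIXED_BUILDS: Dict[int, Tuple[int, int, int]] = {
    8: (8, 5, 2287),    # 8.05.2287
    9: (9, 5, 3937),    # 9.5.3937
    10: (10, 1, 2147),  # 10.1.2147
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.build' into a tuple of ints, e.g. '8.05.2287' -> (8, 5, 2287).

    Comparing tuples avoids the classic string-comparison bug where '10.1' < '9.5'.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is below the fixed build for its branch, False if at or
    above it, None if the branch (major number) is not one the advisory covers."""
    v = parse_version(version)
    fixed = FIXED_BUILDS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def hosts_needing_update(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose installed Antidote build is still affected.

    Hosts on a branch the advisory does not cover are reported separately by
    the caller if needed; here they are simply not flagged.
    """
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hostname -> reported Antidote version); not real data.
SAMPLE_INVENTORY = {
    "ws-accounting-01": "8.05.2286",   # one build below the fix -> affected
    "ws-legal-02": "9.5.3937",         # exactly the fixed build -> not affected
    "ws-marketing-03": "10.0.1900",    # below 10.1.2147 -> affected
    "ws-hr-04": "11.0.1",              # branch not covered by this advisory
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host]})")
```

Feed `hosts_needing_update` whatever your software inventory exports (SCCM, Intune, a spreadsheet) as a hostname-to-version mapping; the comparison is per branch, so a 9.x install is only judged against 9.5.3937 and is never mistaken for "newer than 8.05.2287 and therefore fixed".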

Exploitation Mechanism

The vulnerability arises because the product attempts to access a share under the subdomain name PLUG-INS. If no legitimate host owns that name, an attacker can register it through Active Directory Domain Services, so the client's connection, and its NTLM authentication, goes to a host the attacker controls.
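From the defender's side, the observable artefact of this mechanism is a host record for the name PLUG-INS appearing in the domain's DNS zone where none should exist. The check below is an added example, not code from the page or from Druide: it parses a simplified, BIND-style zone export (`name [ttl] [class] type data`, the shape of the constructed sample embedded here; a real export from your DNS server may need its own parser) and reports any A, AAAA or CNAME record whose first label is `plug-ins`, regardless of case or whether the name is written relative or fully qualified.

```python
from dataclasses import dataclass
from typing import List

# The subdomain label named in the advisory for CVE-2019-9565.
SUSPECT_LABEL = "plug-ins"
HOST_RECORD_TYPES = {"A", "AAAA", "CNAME"}


@dataclass(frozen=True)
class DnsRecord:
    name: str
    rtype: str
    data: str


def parse_zone_lines(text: str) -> List[DnsRecord]:
    """Parse simplified zone-export lines of the form: name [ttl] [class] type data.

    Comments (';'), blank lines and '$' directives such as $ORIGIN are skipped.
    """
    records: List[DnsRecord] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        tokens = line.split()
        name, rest = tokens[0], tokens[1:]
        # Optional TTL (digits) and class ('IN') may sit between the name and the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        records.append(DnsRecord(name=name, rtype=rest[0].upper(), data=" ".join(rest[1:])))
    return records


def first_label(name: str) -> str:
    """Leftmost DNS label, lower-cased: 'PLUG-INS.corp.example.' -> 'plug-ins'."""
    return name.rstrip(".").split(".")[0].lower()


def find_suspect_records(records: List[DnsRecord]) -> List[DnsRecord]:
    """Return host records whose owner name starts with the PLUG-INS label."""
    return [
        r for r in records
        if first_label(r.name) == SUSPECT_LABEL and r.rtype in HOST_RECORD_TYPES
    ]


# Constructed sample zone export; the names and addresses are not real data.
SAMPLE_ZONE = """\
; constructed sample, corp.example zone
$ORIGIN corp.example.
@           3600 IN SOA   dc1.corp.example. hostmaster.corp.example. 1 900 600 86400 3600
dc1         3600 IN A     10.0.0.10
fileserver  3600 IN A     10.0.0.20
PLUG-INS    1200 IN A     10.0.0.99
"""

if __name__ == "__main__":
    for hit in find_suspect_records(parse_zone_lines(SAMPLE_ZONE)):
        print(f"unexpected record: {hit.name} {hit.rtype} {hit.data}")
```

Run it over a periodic zone export and alert on any hit that is not a record you placed deliberately; the same comparison can be extended to other names that client software resolves implicitly by adding them to a set instead of the single `SUSPECT_LABEL`.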

Mitigation and Prevention

Learn how to address and prevent the CVE-2019-9565 vulnerability.

Immediate Steps to Take

        Update Druide Antidote to the latest patched version to mitigate the vulnerability.
        Avoid launching the product directly or indirectly through integrations until it is updated.

Long-Term Security Practices

        Regularly monitor for security updates and patches for Druide Antidote.
        Implement network segmentation and access controls to limit exposure to potential attacks.

Patching and Updates

        Apply security patches provided by Druide for the affected versions to eliminate the vulnerability.
