How to fix EUVD-2024-17009?

Within 24 hours: Inventory all Windows OSSEC agents and identify those running versions prior to 3.8.0; restrict administrative access to OSSEC servers and secure agent keys. Within 7 days: Implement network segmentation to prevent UNC path connections from OSSEC agents; deploy enhanced monitoring for NetNTLMv2 relay attacks and AD CS certificate requests. Within 30 days: Develop upgrade strategy for affected agents to version 3.8.0 or later; conduct credential audit for potentially compromised machine accounts.

Is Windows affected by EUVD-2024-17009?

A critical vulnerability in OSSEC HIDS Windows agents (pre-3.8.0) allows attackers with server access or agent keys to force credential theft and potential system compromise.

EUVD-2024-17009

| CVE-2024-1244 CRITICAL

2025-06-11 41c37e40-543d-43a2-b660-2fee83ea851a

9.5

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:09 euvd

EUVD-2024-17009

Analysis Generated

Mar 14, 2026 - 21:09 vuln.today

CVE Published

Jun 11, 2025 - 03:15 nvd

CRITICAL 9.5

Description

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.

Analysis

A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.

Technical Context

CWE-20 (Improper Input Validation). CVSS 9.5 indicates critical severity with likely remote exploitation vector. Affects the OSSEC HIDS agent for Windows.

Affected Products

['the OSSEC HIDS agent for Windows']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.5

CVSS: +48

POC: 0

EUVD-2024-17009 vulnerability details – vuln.today

Back

EUVD-2024-17009

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2024-17009

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code