CVE-2024-37370: 
Kerberos Analisi e mitigazione delle vulnerabilità

A vulnerability was discovered in MIT Kerberos 5 (krb5) versions prior to 1.21.3, identified as CVE-2024-37370. The vulnerability allows an attacker to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application (NVD, MIT Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high confidentiality impact (NVD, NetApp Advisory).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information. The vulnerability affects the confidentiality of the system while having no direct impact on integrity or availability (NetApp Advisory).

The primary mitigation is to upgrade to MIT Kerberos 5 version 1.21.3 or later. A patch has been released and is available through the official commit (GitHub Patch). Various vendors have also released their own security updates to address this vulnerability in their products.