CVE-2022-24581
Description
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via a UNC path upload, leaking user credentials.
Vulnerability
ACEweb Online Portal version 3.5.065 contains a vulnerability that allows an unauthenticated attacker to trigger SMB hash capture. The issue lies in the file upload functionality, which accepts a user-supplied UNC file path (e.g., \\attacker\share\file) instead of a local file. By specifying a remote SMB share, the server will attempt to authenticate to that share, sending the NTLM hash of the user running the ACEweb Online software. The affected version is ACEweb Online Portal 3.5.065 as per the official description [1].
Exploitation
An unauthenticated attacker can exploit this flaw by submitting a file upload request with a UNC path pointing to an attacker-controlled SMB share. No prior authentication or special privileges are required; the attacker must only be able to reach the ACEweb Online Portal and have a network-accessible SMB listener to capture the hash. The server component running ACEweb Online will then attempt to connect to the share, revealing the username and password hash of the service account in the SMB authentication exchange.
Impact
Successful exploitation results in the disclosure of the username and NTLM password hash of the user executing the ACEweb Online software. This hash can potentially be cracked offline or used in further attacks (e.g., pass-the-hash, relay attacks) to gain unauthorized access to other systems or resources. The impact is limited to credential disclosure; no direct file write or code execution is achieved solely through this vulnerability.
Mitigation
As of the publication date (2022-05-27), no official patch or fixed version has been announced in the available references [1]. Users should restrict access to the ACEweb Online Portal to trusted networks only, monitor for unusual SMB outbound traffic, and consider implementing application-level input validation to reject UNC paths. If possible, run the ACEweb Online service with a low-privilege account that has minimal network access. The vendor website does not provide a security advisory [1].
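The application-level check suggested above, as an added example that is not ACEweb code: a hypothetical file-name policy for a Windows upload handler that refuses any client-supplied name the server could resolve as a UNC (remote SMB) path, including percent-encoded and forward-slash variants, and returns a reason string suitable for logging.

```python
import re
from urllib.parse import unquote

# Added example (hypothetical, not ACEweb code): an upload handler should store
# the file under a server-chosen directory and accept only a bare base name.
# Anything that Windows could resolve as \\server\share is refused outright.

_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._ -]{0,254}$")
# \\server\share, //server/share, \\?\UNC\server\share, smb:// and file:// forms
_UNC = re.compile(r"^(?:[\\/]{2}|(?:smb|file):[\\/]{2})", re.IGNORECASE)


def _normalize(name: str) -> str:
    """Undo percent-encoding a client might use to hide a UNC prefix.

    The loop is bounded so double/triple encoding is unwrapped without an
    unbounded decode cycle; surrounding whitespace is dropped as well.
    """
    for _ in range(3):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name.strip()


def check_upload_name(name: str):
    """Return None if `name` is an acceptable bare file name, else a reason.

    Reason strings are stable so they can be logged and alerted on; a burst
    of "unc-path" rejections is itself a useful detection signal.
    """
    n = _normalize(name)
    if _UNC.match(n):
        return "unc-path"
    if re.match(r"^[A-Za-z]:", n) or n.startswith(("\\", "/")):
        return "absolute-path"
    if "\\" in n or "/" in n:
        return "path-separator"
    if not _BASENAME.match(n):
        return "bad-characters"
    return None


def is_unc_path(name: str) -> bool:
    """Convenience predicate: True only for names rejected as UNC/remote paths."""
    return check_upload_name(name) == "unc-path"


if __name__ == "__main__":
    # Constructed sample inputs for illustration only.
    for sample in (r"\\attacker\share\file", "%5C%5Cattacker%5Cshare%5Cfile",
                   "smb://attacker/share/file", r"C:\temp\report.pdf", "report.pdf"):
        print(repr(sample), "->", check_upload_name(sample))
```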
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ACEweb / ACEweb Online Portal
- Range: = 3.5.065
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- aceware.com (MISC)
- aceweb.com (MISC)
- www.aceware.com/forum/viewtopic.php (MISC)
News mentions
No linked articles in our index yet.