Encryption Flaw in Samba Client Affects Multiple Versions
CVE-2017-12151

7.4HIGH

Key Information:

Vendor

Samba

Status
Samba
Vendor
CVE Published:
27 July 2018

What is CVE-2017-12151?

A vulnerability has been identified in the Samba client that affects versions prior to 4.4.16, 4.5.14, and 4.6.8. This issue arises from improper handling of encryption when the maximum protocol is set to SMB3. An attacker may exploit this weakness to intercept or modify the content of the connection during DFS redirects. This allows for potential unauthorized access to sensitive information or manipulation of data by executing a man-in-the-middle attack.

Affected Version(s)

samba 4.4.16

samba 4.5.14

samba 4.6.8

References

https://security.netapp.com/advisory/ntap-20170921-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2790
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.