Unintended Privilege Escalation through Delegated Administrator Rights
CVE-2020-25720

7.5 HIGH

Key Information:

Vendor: Samba
CVE Published: 17 November 2024

What is CVE-2020-25720?

A vulnerability exists in Samba where a delegated administrator who has been granted permission to create objects in Active Directory retains the ability to modify every attribute of the objects they create, including security-sensitive ones, after the object has been created. This arises because no ACL designating the administrator as the object's 'creator owner' is applied at the time the object is created. As a result, the delegated administrator may hold far broader rights over those objects than was intended, which can lead to unintended privilege escalation and other security weaknesses. Organizations running Samba as part of their Active Directory environment should review their configurations and tighten their access control settings accordingly.
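The description above comes down to an access-control question a defender can check directly: which trustees on the objects created by delegated administrators hold rights that allow them to rewrite attributes or the security descriptor itself. The following is an added example, not code from the Samba project or from this advisory. It parses the DACL portion of an SDDL string (the text form in which AD security descriptors are commonly exported) and reports allow ACEs that grant write-capable rights to any trustee outside an expected set of privileged principals. The sample SDDL, the SIDs in it and the object GUID are constructed for the example; the set of "write-capable" rights is a hypothetical audit policy, not a Samba definition.

```python
import re
from dataclasses import dataclass

# SDDL rights abbreviations that let a trustee change an object's attributes or
# its security descriptor. This is a hypothetical audit policy for the example.
WRITE_RIGHTS = {"GA", "GW", "WP", "WD", "WO"}

# Access-mask bits for the same rights, used when SDDL carries a hex mask
# instead of two-letter abbreviations.
GENERIC_BITS = {
    0x10000000: "GA",  # GENERIC_ALL
    0x40000000: "GW",  # GENERIC_WRITE
    0x00000020: "WP",  # ADS_RIGHT_DS_WRITE_PROP
    0x00040000: "WD",  # WRITE_DAC
    0x00080000: "WO",  # WRITE_OWNER
}

ACE_RE = re.compile(r"\(([^)]*)\)")


@dataclass(frozen=True)
class Ace:
    ace_type: str      # "A" allow, "OA" object-specific allow, "D" deny, ...
    flags: str
    rights: frozenset  # two-letter abbreviations
    object_guid: str
    inherit_guid: str
    trustee: str       # SID string or SDDL alias such as "BA", "DA", "SY"


def parse_rights(field):
    """Turn an SDDL rights field into a set of two-letter abbreviations."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return frozenset(name for bit, name in GENERIC_BITS.items() if mask & bit)
    return frozenset(field[i:i + 2] for i in range(0, len(field), 2))


def parse_dacl(sddl):
    """Return the ACEs in the D: (DACL) section of an SDDL string."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        return []
    aces = []
    for body in ACE_RE.findall(m.group(2)):
        parts = body.split(";")
        if len(parts) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, flags, rights, object_guid, inherit_guid, trustee = parts
        aces.append(Ace(ace_type, flags, parse_rights(rights),
                        object_guid, inherit_guid, trustee))
    return aces


def find_risky_aces(sddl, expected_admins):
    """Allow ACEs granting write-capable rights to a trustee not in expected_admins.

    A delegated administrator who created the object and still appears here
    with GA/GW/WP/WD/WO is exactly the condition the advisory describes.
    """
    return [a for a in parse_dacl(sddl)
            if a.ace_type in ("A", "OA")
            and a.trustee not in expected_admins
            and a.rights & WRITE_RIGHTS]


# Constructed sample: an object whose DACL grants full control to Builtin
# Administrators (expected) and to the delegated creator's SID (not expected),
# read-only rights to Authenticated Users, and an object-specific WP to a second
# delegated account. SIDs and the GUID are made up for the example.
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(A;;GA;;;BA)"
    "(A;;GA;;;S-1-5-21-1111-2222-3333-1104)"
    "(A;;RPLCLORC;;;AU)"
    "(OA;;WP;11111111-2222-3333-4444-555555555555;;S-1-5-21-1111-2222-3333-1105)"
)

EXPECTED_ADMINS = {"BA", "DA", "SY"}


def audit_report(sddl=SAMPLE_SDDL, expected_admins=EXPECTED_ADMINS):
    """Human-readable lines, one per risky ACE."""
    return [f"{a.trustee}: {','.join(sorted(a.rights & WRITE_RIGHTS))}"
            for a in find_risky_aces(sddl, expected_admins)]


if __name__ == "__main__":
    for line in audit_report():
        print("RISKY", line)
```

In practice the SDDL would be read from each created object's nTSecurityDescriptor, and the expected-admin set would list the principals your delegation model intends to hold write rights; any delegated creator that still shows up in the report is a candidate for having its ACEs removed or replaced.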

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published