Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-3347

Опубликовано: 20 июл. 2023
Источник: nvd
CVSS3: 5.9
EPSS Низкий

Описание

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.17.0 (включая) до 4.17.10 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.18.0 (включая) до 4.18.5 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

EPSS

Процентиль: 61%
0.00419
Низкий

5.9 Medium

CVSS3

Дефекты

CWE-347
NVD-CWE-noinfo
CWE-924

Связанные уязвимости

ubuntu логотип

CVE-2023-3347

CVSS3: 5.9
ubuntu
около 2 лет назад

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

redhat логотип

CVE-2023-3347

CVSS3: 5.9
redhat
около 2 лет назад

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

debian логотип

CVE-2023-3347

CVSS3: 5.9
debian
около 2 лет назад

A vulnerability was found in Samba's SMB2 packet signing mechanism. Th ...

github логотип

GHSA-m82c-5hpw-48f7

CVSS3: 5.9
github
около 2 лет назад

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

oracle-oval логотип

ELSA-2023-4328

oracle-oval
около 2 лет назад

ELSA-2023-4328: samba security and bug fix update (MODERATE)

EPSS

Процентиль: 61%
0.00419
Низкий

5.9 Medium

CVSS3

Дефекты

CWE-347
NVD-CWE-noinfo
CWE-924