Lucene search

K

[email protected]CVE-2019-10197

HistorySep 03, 2019 - 3:15 p.m.

CVE-2019-10197

2019-09-0315:15:00

CWE-22

[email protected]

web.nvd.nist.gov

374

cve-2019-10197

samba

unauthorized access

samba vulnerability

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html

access.redhat.com/errata/RHSA-2019:3253

access.redhat.com/errata/RHSA-2019:4023

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/

seclists.org/bugtraq/2019/Sep/4

security.gentoo.org/glsa/202003-52

security.netapp.com/advisory/ntap-20190903-0001/

support.f5.com/csp/article/K69511801

support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/4121-1/

www.debian.org/security/2019/dsa-4513

www.samba.org/samba/security/CVE-2019-10197.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

Related for CVE-2019-10197

redhatcve1 suse1 fedora10 openvas18 nessus24 osv2 ubuntu1 ibm2 symantec1 f51 altlinux3 debiancve1 ubuntucve1 debian2 prion1 freebsd1 samba1 redhat4 cisa1 veracode1 alpinelinux1 oraclelinux2 centos1 amazon2 mageia1 gentoo1