Lucene search

K
cveRedhatCVE-2023-0614
HistoryApr 03, 2023 - 11:15 p.m.

CVE-2023-0614

2023-04-0323:15:06
CWE-312
CWE-200
redhat
web.nvd.nist.gov
139
cve-2023-0614
samba ad dc
cve-2018-10919
bitlocker
ldap
confidential attribute disclosure

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

71.7%

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

Affected configurations

Nvd
Vulners
Node
sambasambaRange4.0.04.16.10
OR
sambasambaRange4.17.04.17.7
OR
sambasambaMatch4.18.0-
OR
sambasambaMatch4.18.0rc1
OR
sambasambaMatch4.18.0rc2
OR
sambasambaMatch4.18.0rc3
OR
sambasambaMatch4.18.0rc4
VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Samba",
    "versions": [
      {
        "version": "samba 4.18.1, samba 4.17.7, samba 4.16.10",
        "status": "affected"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

71.7%