Lucene search

K
cvelistRedhatCVELIST:CVE-2017-12151
HistoryJul 27, 2018 - 12:00 p.m.

CVE-2017-12151

2018-07-2712:00:00
CWE-300
redhat
www.cve.org

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

CNA Affected

[
  {
    "product": "samba",
    "vendor": "Samba",
    "versions": [
      {
        "status": "affected",
        "version": "4.4.16"
      },
      {
        "status": "affected",
        "version": "4.5.14"
      },
      {
        "status": "affected",
        "version": "4.6.8"
      }
    ]
  }
]

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%