Lucene search

K
cvelistRedhatCVELIST:CVE-2019-10218
HistoryNov 06, 2019 - 12:00 a.m.

CVE-2019-10218

2019-11-0600:00:00
CWE-22
redhat
www.cve.org
11
samba client
malicious server
path traversal
file access
vulnerability
privilege escalation

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.003

Percentile

69.4%

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CNA Affected

[
  {
    "vendor": "Samba",
    "product": "samba",
    "versions": [
      {
        "version": "all samba versions before samba 4.11.2, 4.10.10 and 4.9.15",
        "status": "affected"
      }
    ]
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.003

Percentile

69.4%