Apr 27, 2022 - 11:02 a.m.

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)

2022-04-27 11:02:22
www.ibm.com

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS2: 8.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

EPSS: 0.001 Low
Percentile: 40.0%

Summary

A Samba vulnerability affects the IBM Spectrum Scale SMB protocol access method and could allow a remote authenticated attacker to gain elevated privileges.

Vulnerability Details

CVEID: CVE-2020-25717
DESCRIPTION: Samba could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in mapping domain users to local users. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root on domain members.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s)    Version(s)
IBM Spectrum Scale     5.0.0 - 5.0.5.11
IBM Spectrum Scale     5.1.0 - 5.1.2.2

Remediation/Fixes

For IBM Spectrum Scale V5.0.0.0 through 5.0.5.11, apply V5.0.5.12 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=Linux+PPC64LE&function=all

For IBM Spectrum Scale V5.1.0 through V5.1.2.2, apply V5.1.2.3 or V5.1.3 or later available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.3&platform=Linux+PPC64LE&function=all
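
The following added example (not part of IBM's bulletin) checks a list of installed IBM Spectrum Scale versions against the affected ranges above and reports the fix level to apply. The hostnames and versions in the sample inventory are constructed, and how the version strings are collected from each node is left to the operator.

```python
# Added example: triage a node inventory against the bulletin's version ranges.

# (first affected, last affected, fix level) as stated in the bulletin.
AFFECTED_RANGES = [
    ((5, 0, 0, 0), (5, 0, 5, 11), "5.0.5.12 or later"),
    ((5, 1, 0, 0), (5, 1, 2, 2), "5.1.2.3 or 5.1.3 or later"),
]


def parse_version(text):
    """Turn '5.1.2' or 'V5.1.2.2' into a 4-tuple, padding missing fields with 0."""
    parts = text.strip().lstrip("Vv").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def check_version(text):
    """Return ('affected', fix) or ('not listed', None) for one version string."""
    version = parse_version(text)
    for first, last, fix in AFFECTED_RANGES:
        if first <= version <= last:
            return "affected", fix
    # The bulletin says nothing about releases outside its two ranges.
    return "not listed", None


def triage(inventory):
    """Map host -> (status, fix); unparsable versions are flagged, not skipped."""
    report = {}
    for host, raw in inventory.items():
        try:
            report[host] = check_version(raw)
        except ValueError:
            report[host] = ("unknown", None)
    return report


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "ces-node1": "5.0.5.11",
    "ces-node2": "V5.1.2.3",
    "ces-node3": "5.1.2",
    "ces-node4": "n/a",
}

if __name__ == "__main__":
    for host, (status, fix) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}" + (f" -> apply {fix}" if fix else ""))
```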

Workarounds and Mitigations

None
