Lucene search

K

[email protected]NVD:CVE-2017-12163

HistoryJul 26, 2018 - 4:29 p.m.

CVE-2017-12163

2018-07-2616:29:00

CWE-200

[email protected]

web.nvd.nist.gov

4.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.664 Medium

EPSS

Percentile

97.9%

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Affected configurations

NVD

Node

sambasambaRange<4.4.16

OR

sambasambaRange4.5.0–4.5.14

OR

sambasambaRange4.6.0–4.6.8

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

Node

redhatgluster_storageMatch3.0

AND

redhatenterprise_linuxMatch6.0

OR

redhatenterprise_linuxMatch7.0

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

References

www.securityfocus.com/bid/100925

www.securitytracker.com/id/1039401

access.redhat.com/errata/RHSA-2017:2789

access.redhat.com/errata/RHSA-2017:2790

access.redhat.com/errata/RHSA-2017:2791

access.redhat.com/errata/RHSA-2017:2858

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us

security.netapp.com/advisory/ntap-20170921-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us

www.debian.org/security/2017/dsa-3983

www.samba.org/samba/security/CVE-2017-12163.html

www.synology.com/support/security/Synology_SA_17_57_Samba

4.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.664 Medium

EPSS

Percentile

97.9%

Related for NVD:CVE-2017-12163