Lucene search

[email protected]NVD:CVE-2023-3347

HistoryJul 20, 2023 - 3:15 p.m.

CVE-2023-3347

2023-07-2015:15:11

CWE-924

[email protected]

web.nvd.nist.gov

samba

smb2

packet signing

vulnerability

man-in-the-middle

attack

network traffic

data integrity

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

35.7%

JSON

A vulnerability was found in Samba’s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured “server signing = required” or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Affected configurations

Nvd

Node

sambasambaRange4.17.0–4.17.10

sambasambaRange4.18.0–4.18.5

Node

redhatstorageMatch3.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

Node

fedoraprojectfedoraMatch38

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
redhatstorage3.0cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
redhat	storage	3.0	cpe:2.3:a:redhat:storage:3.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
fedoraproject	fedora	38	cpe:2.3:o:fedoraproject:fedora:38:::::::*