5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.451 Medium
EPSS
Percentile
97.4%
An elevation of privilege vulnerability exists when an attacker establishes
a vulnerable Netlogon secure channel connection to a domain controller,
using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully
exploited the vulnerability could run a specially crafted application on a
device on the network. To exploit the vulnerability, an unauthenticated
attacker would be required to use MS-NRPC to connect to a domain controller
to obtain domain administrator access. Microsoft is addressing the
vulnerability in a phased two-part rollout. These updates address the
vulnerability by modifying how Netlogon handles the usage of Netlogon
secure channels. For guidelines on how to manage the changes required for
this vulnerability and more information on the phased rollout, see How to
manage the changes in Netlogon secure channel connections associated with
CVE-2020-1472 (updated September 28, 2020). When the second phase of
Windows updates become available in Q1 2021, customers will be notified via
a revision to this security vulnerability. If you wish to be notified when
these updates are released, we recommend that you register for the security
notifications mailer to be alerted of content changes to this advisory. See
Microsoft Technical Security Notifications.
Author | Note |
---|---|
mdeslaur | Starting with Samba 4.8, “server schannel” defaults to “yes” instead of “auto”. This is sufficient to address this vulnerability. See details in the upstream bug report. There may be an additional commit to make ServerAuthenticate3 fail so that the false positive reported by the third party vulnerability scanning tools is fixed. |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.451 Medium
EPSS
Percentile
97.4%