CVE-2022-37966

2022-11-0900:00:00

ubuntu.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.091 Low

EPSS

Percentile

94.5%

JSON

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=15237>

Notes

Author	Note
mdeslaur	commits come after CVE-2022-38023 and CVE-2022-45141 The focal samba update was temporarily reverted by USN 5822-2 because it introduced regressions. It was later updated again with USN 5936-1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsamba< anyUNKNOWN
ubuntu20.04noarchsamba< 2:4.15.13+dfsg-0ubuntu0.20.04.1UNKNOWN
ubuntu22.04noarchsamba< 2:4.15.13+dfsg-0ubuntu1UNKNOWN
ubuntu22.10noarchsamba< 2:4.16.8+dfsg-0ubuntu1UNKNOWN
ubuntu23.04noarchsamba< 2:4.17.5+dfsg-2ubuntu1UNKNOWN
ubuntu23.10noarchsamba< 2:4.17.5+dfsg-2ubuntu1UNKNOWN
ubuntu14.04noarchsamba< anyUNKNOWN
ubuntu16.04noarchsamba< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	samba	< any	UNKNOWN
ubuntu	20.04	noarch	samba	< 2:4.15.13+dfsg-0ubuntu0.20.04.1	UNKNOWN
ubuntu	22.04	noarch	samba	< 2:4.15.13+dfsg-0ubuntu1	UNKNOWN
ubuntu	22.10	noarch	samba	< 2:4.16.8+dfsg-0ubuntu1	UNKNOWN
ubuntu	23.04	noarch	samba	< 2:4.17.5+dfsg-2ubuntu1	UNKNOWN
ubuntu	23.10	noarch	samba	< 2:4.17.5+dfsg-2ubuntu1	UNKNOWN
ubuntu	14.04	noarch	samba	< any	UNKNOWN
ubuntu	16.04	noarch	samba	< any	UNKNOWN