8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Samba is vulnerable to man-in-the-middle vulnerability. The vulnerability occurs due to weak NTLMv1 authentication even when NTLMv1 is explicitly disabled. Attackers could bypass certain security restrictions and gain unauthorized access to resources such as credential and other details passed between the samba server and client.
www.securityfocus.com/bid/105084
access.redhat.com/errata/RHSA-2018:2612
access.redhat.com/errata/RHSA-2018:2613
access.redhat.com/errata/RHSA-2018:3056
access.redhat.com/security/cve/cve-2018-1139
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1511931
bugzilla.redhat.com/show_bug.cgi?id=1511941
bugzilla.redhat.com/show_bug.cgi?id=1592794
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1139
security.gentoo.org/glsa/202003-52
security.netapp.com/advisory/ntap-20180814-0001/
usn.ubuntu.com/3738-1/
www.samba.org/samba/security/CVE-2018-1139.html
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N