Authorization Bypass

2023-07-2114:57:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

samba

authorization bypass

vulnerability

smb2

man-in-the-middle

attack

network traffic

modification

software

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

33.9%

JSON

samba is vulnerable to Authorization Bypasses. The vulnerability occurs when an attacker sends a specially crafted SMB2 packet to a Samba server. If the packet is valid, the Samba server could be tricked into entering a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages.

CPENameOperatorVersion
samba:sideq2:4.13.2+dfsg-3
samba:sideq2:4.13.5+dfsg-2
sambaeq4.15.4__0.el8
sambaeq4.14.8__100.el8s
sambaeq4.15.6__100.el8s
sambaeq4.15.7__1.el8
sambaeq4.15.7__100.el8s
sambaeq4.13.12__100.el8s
sambaeq4.13.5__1.el8
sambaeq4.13.8__1.el8

Name	Operator	Version
samba:sid	eq	2:4.13.2+dfsg-3
samba:sid	eq	2:4.13.5+dfsg-2
samba	eq	4.15.4__0.el8
samba	eq	4.14.8__100.el8s
samba	eq	4.15.6__100.el8s
samba	eq	4.15.7__1.el8
samba	eq	4.15.7__100.el8s
samba	eq	4.13.12__100.el8s
samba	eq	4.13.5__1.el8
samba	eq	4.13.8__1.el8