CVE-2017-12150 — Channel Accessible by Non-Endpoint in Samba
Severity
7.4 HIGH (NVD)
EPSS
19.9%
top 4.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 26
Latest update: May 13
Description
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2
Affected Packages: 9 packages
Also affects: Debian Linux 8.0, 9.0
Patches
Vulnerability Details (4)
Vendor Advisories (6)
Microsoft (2018-07-10): It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-…
Red Hat (2017-10-24): samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
Community (3)
Bugzilla (2017-10-24): CVE-2017-15085 samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
Bugzilla
Bugzilla