CVE-2023-3347

CWE-347 CWE-9248 documents7 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 38.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Samba Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJul 20

Description

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDsamba/samba4.17.0 — 4.17.10+1

▶Debiansamba< 2:4.17.10+dfsg-0+deb12u1+2

▶Ubuntusamba< 2:4.15.13+dfsg-0ubuntu0.20.04.3+1

▶NVDredhat/storage3.0

Also affects: Fedora 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

CVE-2023-3347: A vulnerability was found in Samba's SMB2 packet signing mechanism↗2023-07-20

▶

CVEList

Samba: smb2 packet signing is not enforced when "server signing = required" is set↗2023-07-20

▶

GHSA

GHSA-m82c-5hpw-48f7: A vulnerability was found in Samba's SMB2 packet signing mechanism↗2023-07-20

▶

OSV

samba vulnerabilities↗2023-07-19

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2023-07-19

▶

Red Hat

samba: SMB2 packet signing is not enforced when "server signing = required" is set↗2023-07-19

▶

Debian

CVE-2023-3347: samba - A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 pac...↗2023

▶