CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.042 Low (Percentile: 92.3%)
According to its banner, the version of Samba 3.x or 4.x running on the remote host is earlier than 3.5.21 / 3.6.12 or 4.0.2. It is, therefore, affected by the following vulnerabilities:
An error exists in the SWAT interface that could allow ‘clickjacking’ attacks. (CVE-2013-0213, Issue #9576)
An error exists in the SWAT interface that could allow cross-site request forgery (XSRF) attacks. (CVE-2013-0214, Issue #9577)
Note that these issues are only exploitable when SWAT is enabled, and SWAT is not enabled by default.