Lucene search

K

Redhat.comRH:CVE-2023-3347

HistoryJul 20, 2023 - 9:31 a.m.

CVE-2023-3347

2023-07-2009:31:05

redhat.com

access.redhat.com

55

samba

smb2

packet signing

vulnerability

man-in-the-middle

attack

integrity

data

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

38.1%

A vulnerability was found in Samba’s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured “server signing = required” or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

References

bugzilla.redhat.com/show_bug.cgi?id=2222792

nvd.nist.gov/vuln/detail/CVE-2023-3347

www.cve.org/CVERecord?id=CVE-2023-3347

www.samba.org/samba/security/CVE-2023-3347.html

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

38.1%

Related for RH:CVE-2023-3347

oraclelinux2 nessus16 debiancve1 samba1 almalinux2 redhat2 osv5 openvas8 cvelist1 prion1 cve1 ubuntucve1 veracode1 nvd1 ibm1 mageia1 freebsd1 cloudfoundry1 slackware1 ubuntu1 fedora2 debian1 redos1 gentoo1 hp1