5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
38.1%
A vulnerability was found in Samba’s SMB2 packet signing mechanism. The
SMB2 packet signing is not enforced if an admin configured “server signing
= required” or for SMB2 connections to Domain Controllers where SMB2 packet
signing is mandatory. This flaw allows an attacker to perform attacks, such
as a man-in-the-middle attack, by intercepting the network traffic and
modifying the SMB2 messages between client and server, affecting the
integrity of the data.
Author | Note |
---|---|
mdeslaur | 4.17.0 and higher only |