CVE-2017-12151
Vexday Risk Score
21 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.4 · EPSS 4.6% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
27 Jul 2018: Published in NVD
Recommendation: Monitor. No exploitation signal for now.
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Samba · samba
References
https://access.redhat.com/errata/RHSA-2017:2790
https://access.redhat.com/errata/RHSA-2017:2858
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
https://security.netapp.com/advisory/ntap-20170921-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
https://www.debian.org/security/2017/dsa-3983
https://www.samba.org/samba/security/CVE-2017-12151.html
http://www.securityfocus.com/bid/100917
http://www.securitytracker.com/id/1039401