Vulnerability in Samba

CVE-2017-12151

A flaw was found in the way the Samba client before Samba 4.4.16, Samba 4.5.14 and Samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowi…

EPSS: 0.041 (88.9th percentile).

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

  • Samba: versions before 4.4.16, 4.5.14 and 4.6.8

Frequently asked questions

What is CVE-2017-12151?
CVE-2017-12151 is a high-severity vulnerability in Samba, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.4/10. Published 2018-07-27.

How severe is CVE-2017-12151?
High severity. CVSS v3 base score is 7.4 out of 10.