PT-2023-8786 · Samba+8

Andreas Schneider · Published 2023-07-19 · Updated 2024-12-06 · CVE-2023-3347

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Samba (affected versions not specified)

Description

A vulnerability was found in Samba's SMB2 packet signing mechanism. SMB2 packet signing is not enforced when an admin has configured "server signing = required", or for SMB2 connections to Domain Controllers, where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity
Improper Verification of Cryptographic Signature

Related Identifiers

ALSA-2023:4325
ALSA-2023:4328
ALT-PU-2023-4523
ALT-PU-2023-7794
ALT-PU-2024-12484
AZL-48166
BDU:2024-01904
CESA-2023_4328
CVE-2023-3347
DSA-5477-1
MGASA-2023-0247
OESA-2023-1452
OESA-2023-1453
OPENSUSE-SU-2024:13071-1
RHSA-2023:4325
RHSA-2023:4328
RHSA-2023_4325
RHSA-2023_4328
SUSE-SU-2023:2929-1
SUSE-SU-2023_2929-1
USN-6238-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
RED OS
Samba
SUSE
Ubuntu