CVE-2023-3347

Samba: smb2 packet signing is not enforced when "server signing = required" is set

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

*Credits: N/A

CVSS Scores

NISTv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-21 CVE Reserved
2023-07-20 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CAPEC

References (9)

URL	Tag	Source
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z
https://security.netapp.com/advisory/ntap-20230731-0010
https://www.debian.org/security/2023/dsa-5477

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2023:4325	2024-07-03
https://access.redhat.com/errata/RHSA-2023:4328	2024-07-03
https://access.redhat.com/security/cve/CVE-2023-3347	2023-07-31
https://bugzilla.redhat.com/show_bug.cgi?id=2222792	2023-07-31
https://www.samba.org/samba/security/CVE-2023-3347.html	2024-07-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.17.0 < 4.17.10 Search vendor "Samba" for product "Samba" and version " >= 4.17.0 < 4.17.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.18.0 < 4.18.5 Search vendor "Samba" for product "Samba" and version " >= 4.18.0 < 4.18.5"		-		Affected
Redhat Search vendor "Redhat"		Storage Search vendor "Redhat" for product "Storage"				3.0 Search vendor "Redhat" for product "Storage" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected