Home > Vulnerability Database > CVE-2017-12151

Mend.io Vulnerability Database

CVE-2017-12151

Good to know:

Date: July 27, 2018

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Language: C

Severity Score

7.4

Related Resources (15)

Url: https://access.redhat.com/security/cve/CVE-2017-12151

Url: https://www.debian.org/security/2017/dsa-3983

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151

Url: https://access.redhat.com/errata/RHSA-2017:2790

Url: https://security-tracker.debian.org/tracker/CVE-2017-12151

Url: https://access.redhat.com/errata/RHSA-2017:2858

Url: http://www.securitytracker.com/id/1039401

Url: https://security.netapp.com/advisory/ntap-20170921-0001/

Url: http://www.securityfocus.com/bid/100917

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12151

Url: https://www.samba.org/samba/security/CVE-2017-12151.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-12151

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us

Url: https://www.mend.io/resources/blog/top-5-new-open-source-security-vulnerabilities-in-july-2018

Url: https://www.mend.io/vulnerability-database/CVE-2017-12151

Severity Score

7.4

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Channel Accessible by Non-Endpoint

CWE-300

Top Fix

Upgrade Version

Upgrade to version 4.4.16,4.5.14,4.6.8

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-12151

Good to know:

Date: July 27, 2018

Language: C

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?