- Home
- CVEs with nessus.description==The version of Samba running on the remote host is 4.x prior to 4.2.14, 4.3.x prior to 4.3.11, or 4.4.x prior to 4.4.5. It is, therefore, affected by a flaw in libcli/smb/smbXcli_base.c that is triggered when handling SMB2 and SMB3 client connections. A man-in-the-middle attacker can exploit this, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags, to downgrade the required signing for a client connection, allowing the attacker to spoof SMB2 and SMB3 servers
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top