CVE-2020-25717

EPSS 0.2%
Published 18.02.2022 18:15:08
Last modified 21.11.2024 05:18:33
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 3.0.0 < 4.13.14

Samba ≫ Samba Version >= 4.14.0 < 4.14.10

Samba ≫ Samba Version >= 4.15.0 < 4.15.2

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Redhat ≫ Codeready Linux Builder Version-

Redhat ≫ Gluster Storage Version3.0

Redhat ≫ Gluster Storage Version3.5

Redhat ≫ Openstack Version13

Redhat ≫ Openstack Version16.1

Redhat ≫ Openstack Version16.2

Redhat ≫ Virtualization Version4.0

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Resilient Storage Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Tus Version8.2

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version21.04

Canonical ≫ Ubuntu Linux Version21.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.427

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	8.5	8	9.2	AV:N/AC:L/Au:S/C:C/I:C/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/202309-06

https://bugzilla.redhat.com/show_bug.cgi?id=2019672

Patch

Third Party Advisory

Issue Tracking

https://www.samba.org/samba/security/CVE-2020-25717.html

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2020-25717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25717

EUVD