CVE-2022-45141

EPSS 0.35%
Veröffentlicht 06.03.2023 23:15:11
Zuletzt bearbeitet 06.03.2025 21:15:12
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version < 4.15.13

Samba ≫ Samba Version >= 4.16.0 < 4.16.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.567

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://security.gentoo.org/glsa/202309-06

https://www.samba.org/samba/security/CVE-2022-45141.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45141

EUVD