CVE-2022-45141

EPSS 0.35%
Published 06.03.2023 23:15:11
Last modified 06.03.2025 21:15:12
Source secalert@redhat.com
Teams watchlist Login
Open Login

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version < 4.15.13

Samba ≫ Samba Version >= 4.16.0 < 4.16.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.567

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://security.gentoo.org/glsa/202309-06

https://www.samba.org/samba/security/CVE-2022-45141.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45141

EUVD