← Back

CVE-2020-25722

nvd nist
Published: Feb 18, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

Affected (12)

Products: Samba: Samba · Debian: Debian Linux · Fedoraproject: Fedora · +1 more
Show all products
Samba: Samba · Debian: Debian Linux · Fedoraproject: Fedora · Canonical: Ubuntu Linux
Samba
1 product
Samba
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Canonical
1 product
Ubuntu Linux
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Samba
Samba
From 4.0.0 to 4.13.14
Samba
From 4.14.0 to 4.14.10
Samba
From 4.15.0 to 4.15.2
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 33
Fedora
Version 34
Fedora
Version 35
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04
Ubuntu Linux
Version 21.04
Ubuntu Linux
Version 21.10

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.