Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

Published

2022-02-18T18:15:08.643

Last Modified

2024-11-21T05:18:34.627

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-863
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	samba	< 4.13.14	Yes
Application	samba	samba	< 4.14.10	Yes
Application	samba	samba	< 4.15.2	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	20.04	Yes
Operating System	canonical	ubuntu_linux	21.04	Yes
Operating System	canonical	ubuntu_linux	21.10	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2019764 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202309-06 ([email protected])
https://www.samba.org/samba/security/CVE-2020-25722.html Mitigation, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2019764 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202309-06 (af854a3a-2127-422b-91ae-364da2661108)
https://www.samba.org/samba/security/CVE-2020-25722.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)