CRITICAL🇵🇱 Wersja polska

CVE-2022-45141

CVSS 9.8v3.1pub. 2023-03-06upd. 2025-03-06

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Samba

    APP
    Samba
    < 4.15.134.16.0 – 4.16.8 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-7494CRITICAL9.8⚠ KEVten sam produkt

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerabi...

CVE-2026-4408CRITICAL9.0PL ✓ten sam produkt

Samba: RCE przez command injection w 'check password script' z podstawieniem %u

CVE-2026-4480CRITICAL9.0PL ✓ten sam produkt

Samba: command injection w podsystemie drukowania przez podstawienie %J

CVE-2023-3961CRITICAL9.1ten sam produkt

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix do...

CVE-2022-44640CRITICAL9.8ten sam produkt

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1...