Detections
Analytics

Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)

medium Nessus Plugin ID 130628

Language:

Synopsis

The remote Samba server is potentially affected by a password complexity check bypass vulnerability.

Description

The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to 4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An authenticated attacker could use this flaw to change their password to a weak password that fails the configured password complexity check.

Solution

Upgrade to Samba version 4.9.15 / 4.10.10 / 4.11.2 or later.

See Also

http://www.nessus.org/u?0f566831

Plugin Details

Severity: Medium

ID: 130628

File Name: samba_CVE-2019-14833.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 11/8/2019

Updated: 12/13/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2019-14833

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: Settings/ParanoidReport, SMB/samba, SMB/NativeLanManager

Exploit Ease: No known exploits are available

Patch Publication Date: 10/29/2019

Vulnerability Publication Date: 10/29/2019

Reference Information

CVE: CVE-2019-14833