Strix
26.1K

CVE-2020-25722

HIGHCVSS 8.8/10EPSS 1.58%

Last modified

CVE-2020-25722 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.. EPSS estimates a 1.58% chance of exploitation in the next 30 days.

Description

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.58%

72.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SambaSamba>= 4.0.0, < 4.13.14
SambaSamba>= 4.14.0, < 4.14.10
SambaSamba>= 4.15.0, < 4.15.2
DebianDebian Linux9.0
DebianDebian Linux10.0
FedoraprojectFedora33
FedoraprojectFedora34
FedoraprojectFedora35
CanonicalUbuntu Linux18.04
CanonicalUbuntu Linux20.04
CanonicalUbuntu Linux21.04
CanonicalUbuntu Linux21.10

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-25722?
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
How severe is CVE-2020-25722?
CVE-2020-25722 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.58% probability of exploitation in the next 30 days.
How do I fix CVE-2020-25722?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-25722?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST