CVE-2022-38023: New Severe Samba Vulnerability Detected

Security researchers have identified four critical vulnerabilities in Samba, a popular open-source file sharing program.

New Severe Vulnerabilities in Samba Allow RCE, Most Severe of Which Is CVE-2022-38023

The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, could allow an attacker to gain remote code execution on a vulnerable system.

The most severe of the four vulnerabilities, CVE-2022-38023, has been assigned a CVSS score of 9.8 out of 10, making it one of the most critical vulnerabilities in Samba. This vulnerability affects all versions of Samba from 4.0.0 onwards and could enable remote code execution attacks.




The other three vulnerabilities, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been assigned CVSS scores of 7.5, 7.2, and 7.2, respectively. These issues affect versions of Samba from 4.0.13 onwards and could also allow an attacker to perform remote code execution attacks on exposed systems.

The Samba project has released security updates that address these vulnerabilities. Organizations running Samba are advised to apply these updates as soon as possible to minimize the risk of exploitation.

These security flaws are yet another reminder of the importance of keeping systems up to date with the latest security patches. Organizations should ensure that they have a process in place to regularly check for and apply security updates to their systems in a timely manner.

Previously Detected Samba Issues

Previous Samba vulnerabilities worth mentioning in terms of severity include:

  • CVE-2017-7494 – An RCE bug in Samba’s SMB implementation (2017).
  • CVE-2018-1050, CVE-2018-1057 – These could allow unprivileged remote users to carry out DoS attacks against the targeted servers (2018).
  • CVE-2021-44142 – An out-of-bounds heap read/write issue in the VFS module (2022).

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
