Vulnerability Details : CVE-2020-14318
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
Products affected by CVE-2020-14318
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-14318
Top countries where our scanners detected CVE-2020-14318
Top open port discovered on systems with this issue
80
IPs affected by CVE-2020-14318 909,645
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-14318!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-14318
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14318
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-07-03 |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2020-14318
-
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- secalert@redhat.com (Primary)
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Secondary)
References for CVE-2020-14318
-
https://bugzilla.redhat.com/show_bug.cgi?id=1892631
1892631 – (CVE-2020-14318) CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotifyIssue Tracking;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
[SECURITY] [DLA 3792-1] samba security update
-
https://security.gentoo.org/glsa/202012-24
Samba: Multiple vulnerabilities (GLSA 202012-24) — Gentoo securityThird Party Advisory
-
https://www.samba.org/samba/security/CVE-2020-14318.html
Vendor Advisory
Jump to