CVE-2016-2112
high-risk
Published 2016-04-25
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Do I need to act?
!
19.6% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
References (74)
and 54 more references
65
/ 100
high-risk
Severity
18/34 · Moderate
Exploitability
14/34 · Moderate
Exposure
33/34 · Critical