CVE-2016-2124

moderate-risk

Published 2022-02-18

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

Do I need to act?

0.70% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Samba

Debian Linux

Fedora

Codeready Linux Builder

Gluster Storage

Openstack

Virtualization Host

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Ibm Z Systems

Affected Vendors

Debian Redhat Samba Canonical Fedoraproject

References (8)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2019660

https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

https://security.gentoo.org/glsa/202309-06

Mitigation https://www.samba.org/samba/security/CVE-2016-2124.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2019660

https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

https://security.gentoo.org/glsa/202309-06

Mitigation https://www.samba.org/samba/security/CVE-2016-2124.html

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 24/34 · High