CVE-2021-43566

low-risk
Published 2022-01-11

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10 Low
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Samba

References (6)

Exploit https://bugzilla.samba.org/show_bug.cgi?id=13979
Third Party Advisory https://security.netapp.com/advisory/ntap-20220110-0001/
Patch https://www.samba.org/samba/security/CVE-2021-43566.html
Exploit https://bugzilla.samba.org/show_bug.cgi?id=13979
Third Party Advisory https://security.netapp.com/advisory/ntap-20220110-0001/
Patch https://www.samba.org/samba/security/CVE-2021-43566.html
12
/ 100
low-risk
Severity 6/34 · Minimal
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal