Threat Advisory: Highly Exploitable Vulnerabilities in Samba
Overview On January 31st, 2022, three vulnerabilities CVE-2021-44141, CVE-2022-0336, CVE-2021-44142 in Samba were publicly disclosed. Samba is a free and open-source software (FOSS) package that provides SMB/CIFS capability for Linux/Unix devices[1]. CVE-2022-0336 is a vulnerability in Samba Active Directory which allows an attacker to bypass service principal name (SPN) checking, allowing an attacker to intercept traffic and impersonate existing services[2].... Read More
February 3, 2022
Threat Advisory