CVE-2022-45141

CRITICAL

Samba < 4.15.13 - Weak Encryption

Title source: rule

Description

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

References (2)

[Vendor Advisory] https://www.samba.org/samba/security/CVE-2022-45141.html

[Third Party Advisory] https://security.gentoo.org/glsa/202309-06

Scores

CVSS v3 9.8

EPSS 0.0067

EPSS Percentile 71.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-326 CWE-328

Status published

Products (1)

samba/samba < 4.15.13

Published Mar 06, 2023

Tracked Since Feb 18, 2026