VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-24b3-9a5f-aaag

Essentials
Severities (92)
References (18)
Severity details (5)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-24b3-9a5f-aaag
Aliases	CVE-2022-0336
Summary	The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-276

Incorrect Default Permissions

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0336.json
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00205	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00295	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00295	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00295	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00295	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00337	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00432	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
epss	0.00539	https://api.first.org/data/v1/epss?cve=CVE-2022-0336
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-0336
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-0336
archlinux	Critical	https://security.archlinux.org/AVG-2648

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0336.json
		https://access.redhat.com/security/cve/CVE-2022-0336
		https://api.first.org/data/v1/epss?cve=CVE-2022-0336
		https://bugzilla.redhat.com/show_bug.cgi?id=2046134
		https://bugzilla.samba.org/show_bug.cgi?id=14950
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c
		https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400
		https://security.gentoo.org/glsa/202309-06
		https://www.samba.org/samba/security/CVE-2022-0336.html
1004694		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004694
AVG-2648		https://security.archlinux.org/AVG-2648
cpe:2.3:a:samba:samba::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba::::::::
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2022-0336		https://nvd.nist.gov/vuln/detail/CVE-2022-0336
USN-5260-1		https://usn.ubuntu.com/5260-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0336.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0336

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0336

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.43103
EPSS Score	0.00205
Published At	May 10, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.