Search for vulnerabilities
Vulnerability details: VCID-da3y-51pb-dqda
Vulnerability ID VCID-da3y-51pb-dqda
Aliases CVE-2017-7494
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2017:1270
ssvc Act https://access.redhat.com/errata/RHSA-2017:1270
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2017:1271
ssvc Act https://access.redhat.com/errata/RHSA-2017:1271
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2017:1272
ssvc Act https://access.redhat.com/errata/RHSA-2017:1272
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2017:1273
ssvc Act https://access.redhat.com/errata/RHSA-2017:1273
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2017:1390
ssvc Act https://access.redhat.com/errata/RHSA-2017:1390
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7494.json
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94243 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
epss 0.94325 https://api.first.org/data/v1/epss?cve=CVE-2017-7494
cvssv3.1 9.8 https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
ssvc Act https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
cvssv2 9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
ssvc Act https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
cvssv3.1 9.8 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
ssvc Act https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
archlinux High https://security.archlinux.org/AVG-279
cvssv3.1 9.8 https://security.gentoo.org/glsa/201805-07
ssvc Act https://security.gentoo.org/glsa/201805-07
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20170524-0001/
ssvc Act https://security.netapp.com/advisory/ntap-20170524-0001/
cvssv3.1 9.8 https://www.exploit-db.com/exploits/42060/
ssvc Act https://www.exploit-db.com/exploits/42060/
cvssv3.1 9.8 https://www.exploit-db.com/exploits/42084/
ssvc Act https://www.exploit-db.com/exploits/42084/
cvssv3.1 9.8 https://www.samba.org/samba/security/CVE-2017-7494.html
ssvc Act https://www.samba.org/samba/security/CVE-2017-7494.html
cvssv3.1 9.8 http://www.debian.org/security/2017/dsa-3860
ssvc Act http://www.debian.org/security/2017/dsa-3860
cvssv3.1 9.8 http://www.securityfocus.com/bid/98636
ssvc Act http://www.securityfocus.com/bid/98636
cvssv3.1 9.8 http://www.securitytracker.com/id/1038552
ssvc Act http://www.securitytracker.com/id/1038552
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7494.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1038552 http://www.securitytracker.com/id/1038552
1450347 https://bugzilla.redhat.com/show_bug.cgi?id=1450347
201805-07 https://security.gentoo.org/glsa/201805-07
42060 https://www.exploit-db.com/exploits/42060/
42084 https://www.exploit-db.com/exploits/42084/
98636 http://www.securityfocus.com/bid/98636
ASA-201705-22 https://security.archlinux.org/ASA-201705-22
AVG-279 https://security.archlinux.org/AVG-279
CVE-2017-7494 Exploit https://github.com/rapid7/metasploit-framework/blob/ae22b4ccf4a3dde77ec339d83091b057aa7e9a77/modules/exploits/linux/samba/is_known_pipename.rb
CVE-2017-7494 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/42060.py
CVE-2017-7494 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/42084.rb
CVE-2017-7494.html https://www.samba.org/samba/security/CVE-2017-7494.html
display?docLocale=en_US&docId=emr_na-hpesbns03755en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
display?docLocale=en_US&docId=emr_na-hpesbux03759en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
dsa-3860 http://www.debian.org/security/2017/dsa-3860
files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01 https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
ntap-20170524-0001 https://security.netapp.com/advisory/ntap-20170524-0001/
RHSA-2017:1270 https://access.redhat.com/errata/RHSA-2017:1270
RHSA-2017:1271 https://access.redhat.com/errata/RHSA-2017:1271
RHSA-2017:1272 https://access.redhat.com/errata/RHSA-2017:1272
RHSA-2017:1273 https://access.redhat.com/errata/RHSA-2017:1273
RHSA-2017:1390 https://access.redhat.com/errata/RHSA-2017:1390
USN-3296-1 https://usn.ubuntu.com/3296-1/
USN-3296-2 https://usn.ubuntu.com/3296-2/
Data source KEV
Date added March 30, 2023
Description Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Required action Apply updates per vendor instructions.
Due date April 20, 2023
Note 
https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494
Ransomware campaign use Known
Data source Metasploit
Description This module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
Note 
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date March 24, 2017
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/samba/is_known_pipename.rb
Data source Exploit-DB
Date added May 29, 2017
Description Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)
Ransomware campaign use Known
Source publication date May 29, 2017
Exploit type remote
Platform linux
Source update date Sept. 6, 2017
Source URL https://github.com/rapid7/metasploit-framework/blob/ae22b4ccf4a3dde77ec339d83091b057aa7e9a77/modules/exploits/linux/samba/is_known_pipename.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1270
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://access.redhat.com/errata/RHSA-2017:1270
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1271
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://access.redhat.com/errata/RHSA-2017:1271
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1272
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://access.redhat.com/errata/RHSA-2017:1272
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1273
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://access.redhat.com/errata/RHSA-2017:1273
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1390
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://access.redhat.com/errata/RHSA-2017:1390
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7494.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201805-07
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://security.gentoo.org/glsa/201805-07
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20170524-0001/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://security.netapp.com/advisory/ntap-20170524-0001/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42060/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://www.exploit-db.com/exploits/42060/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42084/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://www.exploit-db.com/exploits/42084/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.samba.org/samba/security/CVE-2017-7494.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at https://www.samba.org/samba/security/CVE-2017-7494.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2017/dsa-3860
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at http://www.debian.org/security/2017/dsa-3860
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/98636
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at http://www.securityfocus.com/bid/98636
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1038552
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:29:34Z/ Found at http://www.securitytracker.com/id/1038552
Exploit Prediction Scoring System (EPSS)
Percentile 0.9992
EPSS Score 0.94243
Published At Aug. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:33:38.553852+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.3/main.json 37.0.0