VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g427-q578-aaag

Essentials
Severities (105)
References (49)
Severity details (19)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-g427-q578-aaag
Aliases	CVE-2022-2127
Summary	An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2023:6667
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:6667
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2023:7139
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:7139
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2024:0423
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0423
cvssv3.1	5.9	https://access.redhat.com/errata/RHSA-2024:0580
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0580
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2127.json
cvssv3.1	5.9	https://access.redhat.com/security/cve/CVE-2022-2127
ssvc	Track	https://access.redhat.com/security/cve/CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00139	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.01247	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
epss	0.03714	https://api.first.org/data/v1/epss?cve=CVE-2022-2127
cvssv3.1	5.9	https://bugzilla.redhat.com/show_bug.cgi?id=2222791
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2222791
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2022-2127
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-2127
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2022-2127
cvssv3.1	5.9	https://www.samba.org/samba/security/CVE-2022-2127.html
ssvc	Track	https://www.samba.org/samba/security/CVE-2022-2127.html

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2023:6667
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2127.json
		https://access.redhat.com/security/cve/CVE-2022-2127
		https://api.first.org/data/v1/epss?cve=CVE-2022-2127
		https://bugzilla.redhat.com/show_bug.cgi?id=2222791
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/
		https://security.netapp.com/advisory/ntap-20230731-0010/
		https://www.debian.org/security/2023/dsa-5477
		https://www.samba.org/samba/security/CVE-2022-2127.html
cpe:2.3:a:samba:samba::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba::::::::
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
cpe:/a:redhat:enterprise_linux:8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:9::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb
cpe:/a:redhat:enterprise_linux:9::resilientstorage		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::resilientstorage
cpe:/a:redhat:rhel_eus:8.6::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.6::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::crb
cpe:/a:redhat:rhel_eus:8.8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:8.8::crb		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::crb
cpe:/a:redhat:storage:3		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:storage:3
cpe:/o:redhat:enterprise_linux:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhev_hypervisor:4.4::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhev_hypervisor:4.4::el8
CVE-2022-2127		https://nvd.nist.gov/vuln/detail/CVE-2022-2127
GLSA-202402-28		https://security.gentoo.org/glsa/202402-28
RHSA-2023:7139		https://access.redhat.com/errata/RHSA-2023:7139
RHSA-2024:0423		https://access.redhat.com/errata/RHSA-2024:0423
RHSA-2024:0580		https://access.redhat.com/errata/RHSA-2024:0580
USN-6238-1		https://usn.ubuntu.com/6238-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:6667

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://access.redhat.com/errata/RHSA-2023:6667

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7139

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://access.redhat.com/errata/RHSA-2023:7139

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:0423

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://access.redhat.com/errata/RHSA-2024:0423

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:0580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://access.redhat.com/errata/RHSA-2024:0580

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2127.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2022-2127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://access.redhat.com/security/cve/CVE-2022-2127

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2222791

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2222791

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2127

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.samba.org/samba/security/CVE-2022-2127.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:21:45Z/ Found at https://www.samba.org/samba/security/CVE-2022-2127.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.50425
EPSS Score	0.00139
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.