Vulnerability details: VCID-ny1w-v2d1-aaaj
Vulnerability ID VCID-ny1w-v2d1-aaaj
Aliases CVE-2021-23192
Summary A flaw was found in the way Samba implemented DCE/RPC. If a client of a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23192.html
rhas Important https://access.redhat.com/errata/RHSA-2021:4843
rhas Important https://access.redhat.com/errata/RHSA-2021:5082
rhas Important https://access.redhat.com/errata/RHSA-2022:0008
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23192.json
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2021-23192
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2019666
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
cvssv3.1 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2021-23192
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23192
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23192
archlinux Medium https://security.archlinux.org/AVG-2538
generic_textual Medium https://ubuntu.com/security/notices/USN-5142-1
generic_textual Medium https://www.samba.org/samba/history/samba-4.13.14.html
generic_textual Medium https://www.samba.org/samba/security/CVE-2021-23192.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23192.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23192.json
https://api.first.org/data/v1/epss?cve=CVE-2021-23192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202309-06
https://ubuntu.com/security/CVE-2021-23192
https://ubuntu.com/security/notices/USN-5142-1
https://www.samba.org/samba/history/samba-4.13.14.html
https://www.samba.org/samba/security/CVE-2021-23192.html
2019666 https://bugzilla.redhat.com/show_bug.cgi?id=2019666
AVG-2538 https://security.archlinux.org/AVG-2538
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
CVE-2021-23192 https://nvd.nist.gov/vuln/detail/CVE-2021-23192
RHSA-2021:4843 https://access.redhat.com/errata/RHSA-2021:4843
RHSA-2021:5082 https://access.redhat.com/errata/RHSA-2021:5082
RHSA-2022:0008 https://access.redhat.com/errata/RHSA-2022:0008
USN-5142-1 https://usn.ubuntu.com/5142-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23192.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-23192
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-23192
Exploit Prediction Scoring System (EPSS)
Percentile 0.15501
EPSS Score 0.0005
Published At June 27, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.