Search for vulnerabilities
Vulnerability details: VCID-q3ey-j1af-aaaj
Vulnerability ID VCID-q3ey-j1af-aaaj
Aliases CVE-2023-4154
Summary A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
epss 0.00070 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00809 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.02527 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4154
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4154
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
https://access.redhat.com/security/cve/CVE-2023-4154
https://api.first.org/data/v1/epss?cve=CVE-2023-4154
https://bugzilla.samba.org/show_bug.cgi?id=15424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4154
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20231124-0002/
https://www.samba.org/samba/security/CVE-2023-4154.html
2241883 https://bugzilla.redhat.com/show_bug.cgi?id=2241883
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
CVE-2023-4154 https://nvd.nist.gov/vuln/detail/CVE-2023-4154
GLSA-202402-28 https://security.gentoo.org/glsa/202402-28
USN-6425-1 https://usn.ubuntu.com/6425-1/
USN-6425-3 https://usn.ubuntu.com/6425-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.31738
EPSS Score 0.00070
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.