Search for vulnerabilities
Vulnerability details: VCID-yxjx-wcdt-4bgc
Vulnerability ID VCID-yxjx-wcdt-4bgc
Aliases CVE-2023-4154
Summary A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00314 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
epss 0.00519 https://api.first.org/data/v1/epss?cve=CVE-2023-4154
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4154
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
https://access.redhat.com/security/cve/CVE-2023-4154
https://api.first.org/data/v1/epss?cve=CVE-2023-4154
https://bugzilla.samba.org/show_bug.cgi?id=15424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4154
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20231124-0002/
https://www.samba.org/samba/security/CVE-2023-4154.html
2241883 https://bugzilla.redhat.com/show_bug.cgi?id=2241883
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
CVE-2023-4154 https://nvd.nist.gov/vuln/detail/CVE-2023-4154
USN-6425-1 https://usn.ubuntu.com/6425-1/
USN-6425-3 https://usn.ubuntu.com/6425-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4154.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.54172
EPSS Score 0.00314
Published At Aug. 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:20.347803+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.22/main.json 37.0.0