CVE-2021-20208

medium

Description

A flaw was found in cifs-utils in versions before 6.13. A user mounting a krb5 CIFS file system from within a container can use the Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://bugzilla.samba.org/show_bug.cgi?id=14651

https://bugzilla.redhat.com/show_bug.cgi?id=1921116

https://lists.fedoraproject.org/archives/list/[email protected]/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/

https://lists.fedoraproject.org/archives/list/[email protected]/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/

Details

Source: MITRE

Published: 2021-04-19

Updated: 2021-10-01

Type: CWE-266

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 6.8

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Impact Score: 4.7

Exploitability Score: 0.8

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153313 | EulerOS 2.0 SP2 : cifs-utils (EulerOS-SA-2021-2359) | Nessus | Huawei Local Security Checks | medium |
| 153084 | EulerOS 2.0 SP5 : cifs-utils (EulerOS-SA-2021-2323) | Nessus | Huawei Local Security Checks | medium |
| 152343 | EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2021-2237) | Nessus | Huawei Local Security Checks | medium |
| 152276 | EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2021-2263) | Nessus | Huawei Local Security Checks | medium |
| 151539 | EulerOS Virtualization 2.9.0 : cifs-utils (EulerOS-SA-2021-2207) | Nessus | Huawei Local Security Checks | medium |
| 151533 | EulerOS Virtualization 2.9.1 : cifs-utils (EulerOS-SA-2021-2191) | Nessus | Huawei Local Security Checks | medium |
| 151305 | EulerOS Virtualization for ARM 64 3.0.2.0 : cifs-utils (EulerOS-SA-2021-2115) | Nessus | Huawei Local Security Checks | medium |
| 151164 | EulerOS Virtualization for ARM 64 3.0.6.0 : cifs-utils (EulerOS-SA-2021-2021) | Nessus | Huawei Local Security Checks | medium |
| 151052 | EulerOS 2.0 SP8 : cifs-utils (EulerOS-SA-2021-1978) | Nessus | Huawei Local Security Checks | medium |
| 149952 | Photon OS 4.0: Cifs PHSA-2021-4.0-0030 | Nessus | PhotonOS Local Security Checks | medium |
| 149919 | Photon OS 1.0: Cifs PHSA-2021-1.0-0390 | Nessus | PhotonOS Local Security Checks | medium |
| 149838 | Photon OS 2.0: Cifs PHSA-2021-2.0-0344 | Nessus | PhotonOS Local Security Checks | medium |
| 149829 | Photon OS 3.0: Cifs PHSA-2021-3.0-0236 | Nessus | PhotonOS Local Security Checks | medium |
| 149598 | openSUSE Security Update : cifs-utils (openSUSE-2021-639) | Nessus | SuSE Local Security Checks | medium |
| 149224 | SUSE SLES15 Security Update : cifs-utils (SUSE-SU-2021:1455-1) | Nessus | SuSE Local Security Checks | medium |
| 148515 | SUSE SLES12 Security Update : cifs-utils (SUSE-SU-2021:1159-1) | Nessus | SuSE Local Security Checks | medium |
| 148507 | SUSE SLED15 / SLES15 Security Update : cifs-utils (SUSE-SU-2021:1161-1) | Nessus | SuSE Local Security Checks | medium |