A vulnerability was found in Samba's SMB2 packet signing mechanism. SMB2 packet signing is not enforced even if an admin has configured "server signing = required", nor for SMB2 connections to Domain Controllers, where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 06 Dec 2024 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347

Sat, 23 Nov 2024 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T04:34:44.357Z

Reserved: 2023-06-21T04:43:49.434Z

Link: CVE-2023-3347

Vulnrichment

Updated: 2024-08-02T06:55:03.149Z

NVD

Status : Modified

Published: 2023-07-20T15:15:11.940

Modified: 2024-12-06T11:15:06.970

Link: CVE-2023-3347

Redhat

Severity : Moderate

Public Date: 2023-07-19T00:00:00Z

Links: CVE-2023-3347 - Bugzilla

OpenCVE Enrichment

No data.