- Description
- HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:cifs-9000_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD06C4B0-0D36-44D7-A215-5A7ADA6A4CFE",
"versionEndIncluding": "a.01.07"
}
],
"operator": "OR"
}
]
}
]