[Samba] CVSS V3 score for CVE-2017-15275
Andrew Bartlett
abartlet at samba.org
Tue Feb 6 08:36:07 UTC 2018
On Tue, 2018-02-06 at 13:58 +0530, Arjit Gupta via samba wrote:
> Hi Team ,
>
>
>
> Please help us know the CVSS V3 score for CVE-2017-15275.
>
>
>
> NVD <https://nvd.nist.gov/vuln/detail/CVE-2017-15275> and redhat
> <https://access.redhat.com/security/cve/cve-2017-15275> have different
> score.
The difference seems to be the Network vs Adjacent network choice,
which really comes down to if you allow SMB across network segments
(many organisations routinely firewall that off, so this might be why
Red Hat says Adjacent network).
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list