[Samba] CVSS V3 score for CVE-2017-15275

Andrew Bartlett abartlet at samba.org
Tue Feb 6 08:36:07 UTC 2018

On Tue, 2018-02-06 at 13:58 +0530, Arjit Gupta via samba wrote:
> Hi Team ,
> Please help us know the CVSS V3 score for CVE-2017-15275.
> NVD <https://nvd.nist.gov/vuln/detail/CVE-2017-15275> and redhat
> <https://access.redhat.com/security/cve/cve-2017-15275> have different
> score.

The difference seems to be the Network vs Adjacent network choice,
which really comes down to if you allow SMB across network segments
(many organisations routinely firewall that off, so this might be why
Red Hat says Adjacent network). 

I hope this helps,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list