CVE-2017-7494

Confirmed PUBLISHED

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to...

Samba · samba
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

malware windows cisa metasploit ransomware
CVE Published
May 30, 2017
Exploitation Reported
Mar 30, 2023
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Samba
samba

since 3.5.0

Affected

CVE References

  • DSA-3860 debian.org · Vendor Advisory http://www.debian.org/security/2017/dsa-3860
  • RHSA-2017:1270 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:1270
  • RHSA-2017:1390 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:1390
  • RHSA-2017:1273 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:1273
  • RHSA-2017:1271 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2017:1271
Show 11 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.