Cifs Utils
CVE-2021-20208
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
AnalysisAI
A flaw was found in cifs-utils in versions before 6.13. Rated medium severity (CVSS 6.1).
Technical ContextAI
This vulnerability is classified under CWE-266. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Affected products include: Samba Cifs-Utils, Redhat Enterprise Linux, Fedoraproject Fedora. Version information: before 6.13..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cifs Utils
View allIt was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remot
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could le
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the fil
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) charact
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today