CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 20, 2023

CVE-2017-7494

High

EPSS 94.2%CISA KEVRansomware

Description

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.

EPSS — Exploit Probability

94.2%

Higher than 99.9% of all CVEs

Required Action

https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.2%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Mar 30, 2023

Added to KEV

Mar 30, 2023

Remediation Due

Apr 20, 2023

Affected Product

Samba

View all Samba CVEs

External Links

NVD (NIST)CVE Details MITRE CVE