Detections
Analytics
CVE-2017-7494
critical
Description
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
From the Tenable Blog
Detecting SambaCry CVE-2017-7494
Published: 2017-05-26
We’ve seen several critical vulnerabilities lately. First there was WannaCry, and then WannaCry 2.0 (EternalRocks), and now do we have WannaCry 3.0? Well, not really.
References
https://www.exploit-db.com/exploits/42084/
https://www.exploit-db.com/exploits/42060/
https://security.netapp.com/advisory/ntap-20170524-0001/
https://security.gentoo.org/glsa/201805-07
https://access.redhat.com/errata/RHSA-2017:1390
https://access.redhat.com/errata/RHSA-2017:1273
https://access.redhat.com/errata/RHSA-2017:1272
https://access.redhat.com/errata/RHSA-2017:1271
https://access.redhat.com/errata/RHSA-2017:1270
http://www.securitytracker.com/id/1038552
http://www.securityfocus.com/bid/98636
http://www.debian.org/security/2017/dsa-3860
Details
Published: 2017-05-30
Updated: 2025-04-20
Named Vulnerability: SambacryNamed Vulnerability: EternalRedNamed Vulnerability: EternalBlueKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.943