CVE-2021-3670

AST

Medium

MaxQueryDuration not honoured in Samba AD DC LDAP

CVSS

6.5

Medium

EPSS

0.02

p73

Published

2021-01-01

Updated

2021-01-01

Description

MaxQueryDuration not honoured in Samba AD DC LDAP

Tags · CWE

CWE-400

CAPEC-147

CAPEC-227

CAPEC-492

Affected products

LdbLdbLdbLdbLdbLdbLdbSambaSambaSambaSambaSambaSambaSambaSambaSambaSambaSambaSambaSamba

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.016 · p73

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1499Endpoint Denial of Service

└ via CAPEC-227 · CWE-400

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Группа Астра (РусБИТех)

Product	Vendor	Status
ldb		Tracked
ldb		Tracked
ldb		Tracked
ldb		Tracked
ldb		Tracked
ldb		Tracked
ldb		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked
samba		Tracked

Showing first 20 of 26

Source databases

AST

DEB

CVE

UBU

Related vulnerabilities

BDU:2024-06958