CVE-2023-3347 MEDIUM

CVE-2023-3347: Samba: smb2 packet signing is not enforced when "server signing = required" is set

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-347
Published July 20, 2023
Last update November 20, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

A vulnerability was found in Samba's SMB2 packet signing mechanism. SMB2 packet signing is not enforced when an administrator has configured "server signing = required", or for SMB2 connections to Domain Controllers, where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Key dates

02 Disclosure timeline

July 20, 2023 CVE published
November 20, 2025 Record updated