NVD - CVE-2021-44142

Vulnerability Change Records for CVE-2021-44142

Change History

Initial Analysis by NIST 2/23/2022 10:47:14 AM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CVSS V2		NIST (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Added	CWE		NIST CWE-125
Added	CWE		NIST CWE-787
Added	CPE Configuration		OR cpe:2.3:a:redhat:codeready_linux_builder:-::::::: cpe:2.3:a:redhat:gluster_storage:3.5::::::: cpe:2.3:a:redhat:virtualization_host:4.0::::::: cpe:2.3:o:redhat:enterprise_linux:7.0::::::: cpe:2.3:o:redhat:enterprise_linux:8.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_eus:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_eus:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:8.1::::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1::::::: cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2::::::: cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::
Added	CPE Configuration		OR cpe:2.3:a:samba:samba::::::::* versions up to (excluding) 4.13.17 cpe:2.3:a:samba:samba::::::::* versions from (including) 4.14.0 up to (excluding) 4.14.12 cpe:2.3:a:samba:samba::::::::* versions from (including) 4.15.0 up to (excluding) 4.15.5
Added	CPE Configuration		OR cpe:2.3:a:synology:diskstation_manager::::::::* versions from (including) 6.2 up to (excluding) 6.2.4-25556.4
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:10.0::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::
Added	CPE Configuration		OR cpe:2.3:o:fedoraproject:fedora:34::::::: cpe:2.3:o:fedoraproject:fedora:35:::::::
Changed	Reference Type	https://bugzilla.samba.org/show_bug.cgi?id=14914 No Types Assigned	https://bugzilla.samba.org/show_bug.cgi?id=14914 Issue Tracking, Patch, Vendor Advisory
Changed	Reference Type	https://kb.cert.org/vuls/id/119678 No Types Assigned	https://kb.cert.org/vuls/id/119678 Patch, Third Party Advisory
Changed	Reference Type	https://www.samba.org/samba/security/CVE-2021-44142.html No Types Assigned	https://www.samba.org/samba/security/CVE-2021-44142.html Mitigation, Vendor Advisory
Changed	Reference Type	https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin No Types Assigned	https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin Exploit, Third Party Advisory, VDB Entry