CVE-2017-7494 — Samba Remote Code Execution Vulnerability
2023-03-30 • CISA Known Exploited Vulnerability
[event] Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Samba |
| Product | Samba |
| CWE | CWE-94 |
| CVE ID | CVE-2017-7494 |
| Date Added | 2023-03-30 |
| Due Date | 2023-04-20 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2023-04-20