SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.
SERVER-SAMBA Samba tree connect andx memory corruption attempt
This event is generated when an attempt to exploit CVE-2017-14746 is detected.
Attempted User Privilege Gain
An attacker is attempting to exploit a network vulnerability in Samba < 4.7.2 that can lead to remote code execution.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2017-14746: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.