Rapid7 Vulnerability & Exploit Database

CIFS NULL Session Permitted

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 01/01/1997
Created: 07/25/2018
Added: 11/01/2004
Modified: 03/21/2018

Description

NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or with third-party CIFS implementations such as Samba or the Solaris CIFS Server. These anonymous users may be able to enumerate local users, groups, servers, shares, domains, and domain policies, and may be able to access various MSRPC services through RPC function calls. These services have historically been affected by numerous vulnerabilities. The wealth of information available to attackers through NULL sessions may also allow them to carry out more sophisticated attacks.

Solution(s)

  • windows-2016-restrictanonymous
  • windows-10-restrictanonymous
  • windows-2012r2-restrictanonymous
  • windows-81-restrictanonymous
  • windows-2012-restrictanonymous
  • windows-8-restrictanonymous
  • windows-2008r2-restrictanonymous
  • windows-7-restrictanonymous
  • windows-2008-restrictanonymous
  • windows-vista-restrictanonymous
  • windows-2003-restrictanonymous
  • windows-xp-restrictanonymous
  • windows-2000-restrictanonymous
  • windows-nt4-restrictanonymous
  • linux-samba-restrictanonymous
  • netware-null-session-pwd-policy
