Insecure service configuration - SMB
Description
SMBv1 is enabled, this version does not support encryption and has multiple vulnerabilities.
Impact
Exploit known vulnerabilities found in the affected components.
Recommendation
Disable SMBv1 and use SMBv3 version.
Threat
Authenticated internal attacker.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
266 - Disable insecure functionalitiesFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
L
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P