Lucene search

K
attackerkbAttackerKBAKB:B43D414F-6140-4931-BED8-4AE15FFDFAE1
HistoryMar 17, 2017 - 12:00 a.m.

CVE-2017-0143

2017-03-1700:00:00
attackerkb.com
202

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Recent assessments:

hrbrmstr at May 12, 2020 7:49pm UTC reported:

This CVE made it into US-CERT’s “Top 10” bulletin released in May, 2020 – <https://www.us-cert.gov/ncas/alerts/aa20-133a&gt; / <https://web.archive.org/web/20200512161248/https://www.us-cert.gov/ncas/alerts/aa20-133a&gt;

  • Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016

  • Associated Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit

  • Mitigation: Update affected Microsoft products with the latest security patches

goodlandsecurity at May 18, 2020 4:52pm UTC reported:

This CVE made it into US-CERT’s “Top 10” bulletin released in May, 2020 – <https://www.us-cert.gov/ncas/alerts/aa20-133a&gt; / <https://web.archive.org/web/20200512161248/https://www.us-cert.gov/ncas/alerts/aa20-133a&gt;

  • Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016

  • Associated Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit

  • Mitigation: Update affected Microsoft products with the latest security patches

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%