8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Name | ms17_010 |
---|---|
CVE | CVE-2017-0143, CVE-2017-0146 Exploit Pack |
VENDOR: Microsoft | |
NOTES: https://github.com/worawit/MS17-010 | |
https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-one-leak-and-control/ | |
https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-two-elevate-privileges/ | |
https://hitcon.org/2017/CMT/slide-files/d2_s2_r0.pdf | |
Tested on: | |
- Windows 10 Enterprise N 14393 64bit | |
- Windows 8.1 9600 32bit | |
- Windows 7 Home Basic 7601 Service Pack 1 64bit | |
- Windows 7 Professional N 7601 Service Pack 1 32bit |
- Windows Server 2016 Standard 14393
- Windows Server 2012 R2 Standard 9600
- Windows Server 2008 R2 Datacenter 7600 64bit
VersionsAffected:
Repeatability: Infinite
MSADV: MS17-010
References: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
Date public: 03/16/2017
CVSS: 9.3
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%