9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
attack.mitre.org/versions/v14/matrices/enterprise/
attack.mitre.org/versions/v14/techniques/T1003/
attack.mitre.org/versions/v14/techniques/T1003/
attack.mitre.org/versions/v14/techniques/T1003/002/
attack.mitre.org/versions/v14/techniques/T1003/002/
attack.mitre.org/versions/v14/techniques/T1003/006
attack.mitre.org/versions/v14/techniques/T1003/006
attack.mitre.org/versions/v14/techniques/T1021/
attack.mitre.org/versions/v14/techniques/T1021/
attack.mitre.org/versions/v14/techniques/T1021/002/
attack.mitre.org/versions/v14/techniques/T1021/002/
attack.mitre.org/versions/v14/techniques/T1039/
attack.mitre.org/versions/v14/techniques/T1039/
attack.mitre.org/versions/v14/techniques/T1040/
attack.mitre.org/versions/v14/techniques/T1040/
attack.mitre.org/versions/v14/techniques/T1046/
attack.mitre.org/versions/v14/techniques/T1046/
attack.mitre.org/versions/v14/techniques/T1059/
attack.mitre.org/versions/v14/techniques/T1059/003/
attack.mitre.org/versions/v14/techniques/T1059/003/
attack.mitre.org/versions/v14/techniques/T1078/001/
attack.mitre.org/versions/v14/techniques/T1078/001/
attack.mitre.org/versions/v14/techniques/T1078/002/
attack.mitre.org/versions/v14/techniques/T1078/002/
attack.mitre.org/versions/v14/techniques/T1080/
attack.mitre.org/versions/v14/techniques/T1080/
attack.mitre.org/versions/v14/techniques/T1087/002/
attack.mitre.org/versions/v14/techniques/T1087/002/
attack.mitre.org/versions/v14/techniques/T1110/002/
attack.mitre.org/versions/v14/techniques/T1110/002/
attack.mitre.org/versions/v14/techniques/T1110/003
attack.mitre.org/versions/v14/techniques/T1110/003/
attack.mitre.org/versions/v14/techniques/T1133/
attack.mitre.org/versions/v14/techniques/T1133/
attack.mitre.org/versions/v14/techniques/T1187/
attack.mitre.org/versions/v14/techniques/T1187/
attack.mitre.org/versions/v14/techniques/T1210/
attack.mitre.org/versions/v14/techniques/T1210/
attack.mitre.org/versions/v14/techniques/T1529/
attack.mitre.org/versions/v14/techniques/T1529/
attack.mitre.org/versions/v14/techniques/T1550/
attack.mitre.org/versions/v14/techniques/T1550/
attack.mitre.org/versions/v14/techniques/T1550/002/
attack.mitre.org/versions/v14/techniques/T1550/002/
attack.mitre.org/versions/v14/techniques/T1557/
attack.mitre.org/versions/v14/techniques/T1557/001/
attack.mitre.org/versions/v14/techniques/T1557/001/
attack.mitre.org/versions/v14/techniques/T1557/001/
attack.mitre.org/versions/v14/techniques/T1558/
attack.mitre.org/versions/v14/techniques/T1558/001/
attack.mitre.org/versions/v14/techniques/T1558/002/
attack.mitre.org/versions/v14/techniques/T1558/003/
attack.mitre.org/versions/v14/techniques/T1558/003/
attack.mitre.org/versions/v14/techniques/T1558/003/
attack.mitre.org/versions/v14/techniques/T1595/001/
attack.mitre.org/versions/v14/techniques/T1595/001/
attack.mitre.org/versions/v14/techniques/T1649/
attack.mitre.org/versions/v14/techniques/T1649/
csrc.nist.gov/publications/detail/sp/800-63b/final
csrc.nist.gov/pubs/sp/800/63/b/upd2/final
csrc.nist.gov/pubs/sp/800/63/b/upd2/final
cwe.mitre.org/data/definitions/20.html
github.com/byt3bl33d3r/CrackMapExec
github.com/cisagov/Decider/
github.com/cisagov/RedEye/
github.com/fortra/impacket
github.com/fortra/impacket
github.com/fortra/impacket/blob/master/examples/ntlmrelayx.py
github.com/fortra/impacket/blob/master/examples/ntlmrelayx.py
github.com/kgretzky/evilginx
github.com/kgretzky/evilginx
github.com/lgandx/Responder
github.com/lgandx/Responder
github.com/login-securite/DonPAPI
github.com/login-securite/DonPAPI
github.com/ly4k/Certipy
github.com/ly4k/Certipy
github.com/Porchetta-Industries/CrackMapExec
github.com/topotam/PetitPotam
github.com/topotam/PetitPotam
learn.microsoft.com/en-us/troubleshoot/windows-server/networking/overview-server-message-block-signing
learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
learn.microsoft.com/en-us/windows/win32/ad/service-principal-names
learn.microsoft.com/en-us/windows/win32/ad/service-principal-names
nvd.nist.gov/vuln/detail/CVE-2017-0144
nvd.nist.gov/vuln/detail/CVE-2019-0708
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Enhancing%20Cyber%20Resilience%3A%20Insights%20from%20the%20CISA%20Healthcare%20and%20Public%20Health%20Sector%20Risk%20and%20Vulnerability%20Assessment+https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
www.cisa.gov/resources-tools/resources/risk-and-vulnerability-assessments
www.cisa.gov/securebydesign
www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/healthcare-and-public-health-sector
www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/healthcare-and-public-health-sector
www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/healthcare-and-public-health-sector
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a&title=Enhancing%20Cyber%20Resilience%3A%20Insights%20from%20the%20CISA%20Healthcare%20and%20Public%20Health%20Sector%20Risk%20and%20Vulnerability%20Assessment
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
www.youtube.com/watch?v=b_ARIVl4BkQ
mailto:?subject=Enhancing%20Cyber%20Resilience%3A%20Insights%20from%20the%20CISA%20Healthcare%20and%20Public%20Health%20Sector%20Risk%20and%20Vulnerability%20Assessment&body=www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%