Lucene search

K
kitploitKitPloitKITPLOIT:8917740741292426205
HistoryJan 07, 2018 - 8:04 p.m.

In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors

2018-01-0720:04:00
www.kitploit.com
52

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.975

Percentile

100.0%

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn’t be able to.

This tool is originally based on Microsoft: <https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in&gt;

Please note:

This solution has been tested successfully using Python 3.6.3 & PowerShell version 5.1.

How do I use this?

  • Run the python code or download the executable from the releases section and run it as an administrator user.
  • Press Number 1, 2, 3 & 4 in sequence to see the results.
  • Press 1: Sets the execution policy to unrestricted.
  • Press 2: Imports necessary PowerShell modules
  • Press 3: Installs Spectre related modules within PowerShell
  • Press 4: Inspects control settings for Spectre & Meltdown and displays result
  • Press 5: Exit from the program

Do I need to run the executable as administrator?

  • Yes, Right click on the “In-Spectre_meltdown.exe” and run as administrator to get the results.

Questions?
Twitter: <https://twitter.com/maniarviral&gt;
LinkedIn: <https://au.linkedin.com/in/viralmaniar&gt;

Download In-Spectre-Meltdown

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.975

Percentile

100.0%