CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.9%

Since the Shadow Brokers published the 0-day vulnerabilities and hacking tools used by the NSA's elite hacking team, the Equation Group, hacker groups and independent hackers have started to exploit these vulnerabilities and tools to launch various attacks. Industry insiders believe that the data the Shadow Brokers published in April, which includes high-risk Windows SMB vulnerabilities and a series of Windows hacking tools, is by far the most destructive of the released data.
After the WannaCry outbreak, security researchers found many hackers exploiting the Windows SMB vulnerability (CVE-2017-0143, i.e. EternalBlue) for a variety of hacking activities. In addition, the EternalBlue SMB vulnerability (MS17-010) has been ported to the Metasploit penetration testing framework, which allows researchers and hackers alike to easily use this vulnerability for different purposes.
Therefore, it is not surprising that, in addition to the massive global WannaCry attack, a large number of hacker groups, state-sponsored hackers, financially motivated cybercriminals and grey-hat hackers have used EternalBlue to launch a variety of larger or smaller attacks.
The following are attacks that security researchers recently discovered using the SMB vulnerability; some occurred before WannaCry, and some during it.
On May 17, researchers found a new worm, called EternalRocks, that uses the SMB vulnerability. Compared with WannaCry, which used two NSA vulnerabilities and tools, the EternalRocks worm goes even further. The worm uses a total of four SMB vulnerabilities and three NSA hacking tools, including the following:
EternalBlue — SMBv1 vulnerability
EternalRomance — SMBv1 vulnerability
EternalChampion — SMBv2 vulnerability
EternalSynergy — SMBv3 vulnerability
SMBTouch — SMB investigative tool
ArchTouch — SMB reconnaissance tool