Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone Networks GmbHOPENVAS:1361412562310810676
HistoryMar 22, 2017 - 12:00 a.m.

Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)

2017-03-2200:00:00
Copyright (C) 2017 Greenbone Networks GmbH
plugins.openvas.org
463

0.975 High

EPSS

Percentile

99.9%

JSON

This host is missing a critical security
update according to Microsoft Bulletin MS17-010.

###############################################################################
# OpenVAS Vulnerability Test
#
# Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
#
# Authors:
# Shakeel <[email protected]>
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.810676");
  script_version("2020-06-04T12:11:49+0000");
  script_cve_id("CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0146",
                "CVE-2017-0147", "CVE-2017-0148");
  script_bugtraq_id(96703, 96704, 96705, 96707, 96709, 96706);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)");
  script_tag(name:"creation_date", value:"2017-03-22 17:51:25 +0530 (Wed, 22 Mar 2017)");
  script_name("Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)");

  script_tag(name:"summary", value:"This host is missing a critical security
  update according to Microsoft Bulletin MS17-010.");

  script_tag(name:"vuldetect", value:"Send the crafted SMB transaction request
  with fid = 0 and check the response to confirm the vulnerability.");

  script_tag(name:"insight", value:"Multiple flaws exist due to the way that the
  Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to gain the ability to execute code on the target server, also
  could lead to information disclosure from the server.");

  script_tag(name:"affected", value:"- Microsoft Windows 10 x32/x64

  - Microsoft Windows Server 2012

  - Microsoft Windows Server 2016

  - Microsoft Windows 8.1 x32/x64

  - Microsoft Windows Server 2012 R2

  - Microsoft Windows 7 x32/x64 Service Pack 1

  - Microsoft Windows Vista x32/x64 Service Pack 2

  - Microsoft Windows Server 2008 R2 x64 Service Pack 1

  - Microsoft Windows Server 2008 x32/x64 Service Pack 2");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_active");
  script_xref(name:"URL", value:"https://support.microsoft.com/en-in/kb/4013078");
  script_xref(name:"URL", value:"https://technet.microsoft.com/library/security/MS17-010");
  script_xref(name:"URL", value:"https://github.com/rapid7/metasploit-framework/pull/8167/files");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("gb_smb_version_detect.nasl", "os_detection.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("smb_v1/supported", "Host/runs_windows");
  exit(0);
}

include("smb_nt.inc");
include("host_details.inc");

name = kb_smb_name();
smbPort = kb_smb_transport();

if(!name || !smbPort){
  exit(0);
}

soc = open_sock_tcp( smbPort );
if( ! soc ) exit( 0 );

## SMB Negotiate Protocol Request
smb_neg_req = raw_string(0x00, 0x00, 0x00, 0x85, 0xff, 0x53, 0x4d, 0x42,
                         0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,
                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa6,
                         0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x00, 0x02,
                         0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f,
                         0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52,
                         0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02,
                         0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e,
                         0x30, 0x00, 0x02, 0x57, 0x69, 0x6e, 0x64, 0x6f,
                         0x77, 0x73, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x57,
                         0x6f, 0x72, 0x6b, 0x67, 0x72, 0x6f, 0x75, 0x70,
                         0x73, 0x20, 0x33, 0x2e, 0x31, 0x61, 0x00, 0x02,
                         0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, 0x30, 0x30,
                         0x32, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41,
                         0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4e, 0x54,
                         0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32,
                         0x00);

send( socket:soc, data:smb_neg_req );

## SMB Negotiate Protocol Response
smb_neg_resp = smb_recv( socket:soc );
if( ! smb_neg_resp )
{
  close( soc );
  exit( 0 );
}

## SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
smb_sess_req = raw_string(0x00, 0x00, 0x00, 0xec, 0xff, 0x53, 0x4d, 0x42,
                          0x73, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,
                          0x00, 0x00, 0x42, 0x53, 0x52, 0x53, 0x50, 0x59,
                          0x4c, 0x20, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa6,
                          0x00, 0x00, 0x40, 0x00, 0x0c, 0xff, 0x00, 0x00,
                          0x00, 0x00, 0x44, 0x01, 0x00, 0x01, 0x00, 0x00,
                          0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x00,
                          0x00, 0xdc, 0x02, 0x00, 0x80, 0xb1, 0x00, 0x60,
                          0x48, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05,
                          0x02, 0xa0, 0x3e, 0x30, 0x3c, 0xa0, 0x0e, 0x30,
                          0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
                          0x82, 0x37, 0x02, 0x02, 0x0a, 0xa2, 0x2a, 0x04,
                          0x28, 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50,
                          0x00, 0x01, 0x00, 0x00, 0x00, 0x05, 0x82, 0x08,
                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                          0x00, 0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00,
                          0x0f, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00,
                          0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00,
                          0x20, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00,
                          0x32, 0x00, 0x20, 0x00, 0x53, 0x00, 0x65, 0x00,
                          0x72, 0x00, 0x76, 0x00, 0x69, 0x00, 0x63, 0x00,
                          0x65, 0x00, 0x20, 0x00, 0x50, 0x00, 0x61, 0x00,
                          0x63, 0x00, 0x6b, 0x00, 0x20, 0x00, 0x32, 0x00,
                          0x20, 0x00, 0x32, 0x00, 0x36, 0x00, 0x30, 0x00,
                          0x30, 0x00, 0x00, 0x00, 0x57, 0x00, 0x69, 0x00,
                          0x6e, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x77, 0x00,
                          0x73, 0x00, 0x20, 0x00, 0x32, 0x00, 0x30, 0x00,
                          0x30, 0x00, 0x32, 0x00, 0x20, 0x00, 0x35, 0x00,
                          0x2e, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00);

send( socket:soc, data:smb_sess_req );

## SMB Session Setup AndX Response, NTLMSSP_CHALLENGE,
## Error: STATUS_MORE_PROCESSING_REQUIRED
smb_sess_resp = smb_recv( socket:soc );
if( ! smb_sess_resp )
{
  close( soc );
  exit( 0 );
}

##Extract UID from Session Setup AndX Response
if(smb_sess_resp && strlen(smb_sess_resp) > 33)
{
  uid_low   = ord(smb_sess_resp[32]);
  uid_high  = ord(smb_sess_resp[33]);
  uid   = uid_high * 256;
  uid  += uid_low;
}
else {
  exit(0);
}

## SMB Session Setup AndX Request, NTLMSSP_AUTH, User: \
smb_sess_andx_req = raw_string(0x00, 0x00, 0x01, 0x02, 0xff, 0x53, 0x4d, 0x42,
                               0x73, 0x00, 0x00, 0x00, 0x00, 0x18, 0x03, 0xc8,
                               0x00, 0x00, 0x42, 0x53, 0x52, 0x53, 0x50, 0x59,
                               0x4c, 0x20, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xa6)
                               + raw_string(uid_low, uid_high) +
                               raw_string( 0x80, 0x00, 0x0c, 0xff, 0x00, 0x00,
                               0x00, 0x00, 0x44, 0x01, 0x00, 0x00, 0x00, 0x00,
                               0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x00,
                               0x00, 0xdc, 0x02, 0x00, 0x80, 0xc7, 0x00, 0xa1,
                               0x5f, 0x30, 0x5d, 0xa2, 0x5b, 0x04, 0x59, 0x4e,
                               0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03,
                               0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x48,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49,
                               0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x49,
                               0x00, 0x00, 0x00, 0x05, 0x02, 0x08, 0x00, 0x01,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00,
                               0x77, 0x24, 0xb3, 0x5b, 0xd0, 0xee, 0x67, 0x99,
                               0xa6, 0x5b, 0x68, 0xa4, 0x4f, 0x0e, 0xeb, 0x56,
                               0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00,
                               0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00,
                               0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x32, 0x00,
                               0x20, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00,
                               0x76, 0x00, 0x69, 0x00, 0x63, 0x00, 0x65, 0x00,
                               0x20, 0x00, 0x50, 0x00, 0x61, 0x00, 0x63, 0x00,
                               0x6b, 0x00, 0x20, 0x00, 0x32, 0x00, 0x20, 0x00,
                               0x32, 0x00, 0x36, 0x00, 0x30, 0x00, 0x30, 0x00,
                               0x00, 0x00, 0x57, 0x00, 0x69, 0x00, 0x6e, 0x00,
                               0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00,
                               0x20, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00,
                               0x32, 0x00, 0x20, 0x00, 0x35, 0x00, 0x2e, 0x00,
                               0x31, 0x00, 0x00, 0x00, 0x00, 0x00);

send( socket:soc, data:smb_sess_andx_req );

## SMB Session Setup AndX Response
smb_sess_andx_resp = smb_recv( socket:soc );
if( ! smb_sess_andx_resp )
{
  close( soc );
  exit( 0 );
}

## SMB Tree Connect AndX Request, Path: \\xxx.xxx.xxx.xxx\IPC$
smb_tree_resp = smb_tconx( soc:soc, name:name, uid:uid, share:"IPC$" );
if(! smb_tree_resp )
{
  close( soc );
  exit( 0 );
}

##Extract Tree ID from SMB Tree Connect Response
if(smb_tree_resp && strlen(smb_tree_resp) > 29)
{
  tid_low = ord(smb_tree_resp[28] );
  tid_high = ord(smb_tree_resp[29] );
}
else {
  exit(0);
}

# SMB Pipe PeekNamedPipe Request, FID: 0x0000
smbtrans_request = raw_string(0x00, 0x00, 0x00, 0x4a, 0xff, 0x53, 0x4d, 0x42,
                              0x25, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x28,
                              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                              0x00, 0x00, 0x00, 0x00)+raw_string(tid_low, tid_high) +
                              raw_string( 0xf5, 0x5e)+raw_string(uid_low, uid_high) +
                              raw_string(0x26, 0x76, 0x10, 0x00, 0x00, 0x00,
                              0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
                              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                              0x00, 0x4a, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x02,
                              0x00, 0x23, 0x00, 0x00, 0x00, 0x07, 0x00, 0x5c,
                              0x50, 0x49, 0x50, 0x45, 0x5c, 0x00);

send( socket:soc, data: smbtrans_request);
smb_trans_resp = smb_recv( socket:soc );
if(strlen( smb_trans_resp ) < 39)
{
  close(soc);
  exit(0);
}

## SMB Trans Response, Error: STATUS_INSUFF_SERVER_RESOURCES
## If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine
## does not have the MS17-010 patch. After the patch, "STATUS_ACCESS_DENIED",
## "STATUS_INVALID_HANDLE".
if(ord(smb_trans_resp[9]) == 5 &&  ord(smb_trans_resp[10]) == 2 &&
   ord(smb_trans_resp[11]) == 0 && ord(smb_trans_resp[12]) == 192)
{
  security_message(port:smbPort );
  close(soc);
  exit(0);
}
close(soc);

Related

openvas 2
zdt 8
rapid7community 10
packetstorm 7
kaspersky 3
seebug 2
mskb 11
f5 1
prion 6
cve 6
huawei 1
attackerkb 5
nessus 2
trendmicroblog 5
mmpc 7
canvas 2
threatpost 11
thn 11
qualysblog 8
rapid7blog 3
saint 9
cisa_kev 6
checkpoint_advisories 6
symantec 6
mscve 6
talosblog 1
malwarebytes 2
trellix 4
myhack58 1
carbonblack 1
kitploit 1
avleonov 4
securelist 3
fireeye 2
ics 4
nmap 1
ibm 1
cisa 1
mssecure 2
openvas
openvas
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
2017-03-15 00:00:00
Double Pulsar Infection Detect
2017-04-18 00:00:00
zdt
zdt
Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Exploit
2017-05-10 00:00:00
SMB DOUBLEPULSAR Remote Code Execution Exploit
2020-02-04 00:00:00
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
2019-10-04 00:00:00
rapid7community
rapid7community
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
2017-05-15 18:25:42
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
2017-05-24 23:14:26
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
2017-08-03 16:56:04
packetstorm
packetstorm
Microsoft Windows MS17-010 SMB Remote Code Execution
2017-04-17 00:00:00
DOUBLEPULSAR Payload Execution / Neutralization
2019-10-01 00:00:00
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
2017-05-17 00:00:00
kaspersky
kaspersky
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
seebug
seebug
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
2017-04-15 00:00:00
EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146)
2017-04-17 00:00:00
mskb
mskb
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
2017-03-14 07:00:00
MS17-010: Security update for Windows SMB Server: March 14, 2017
2017-03-14 00:00:00
March 2017 Security Only Quality Update for Windows Server 2012
2017-03-14 07:00:00
f5
f5
K57181937 : Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities
2017-05-16 00:00:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
cve
cve
CVE-2017-0148
2017-03-17 00:59:00
CVE-2017-0144
2017-03-17 00:59:00
CVE-2017-0143
2017-03-17 00:59:00
huawei
huawei
Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems
2017-05-13 00:00:00
attackerkb
attackerkb
CVE-2017-0143
2017-03-17 00:00:00
CVE-2017-0148
2017-03-17 00:00:00
CVE-2017-0144 (MS17-010)
2017-03-17 00:00:00
nessus
nessus
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
2017-03-20 00:00:00
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)
2017-03-15 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 26, 2017
2017-06-30 12:00:57
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017
2017-05-19 12:00:15
Double Whammy: When One Attack Masks Another Attack
2017-11-20 16:29:06
mmpc
mmpc
New ransomware, old techniques: Petya adds worm capabilities
2017-06-28 06:57:43
Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene
2017-09-06 14:58:36
WannaCrypt ransomware worm targets out-of-date systems
2017-05-13 06:40:39
canvas
canvas
Immunity Canvas: MS17_010
2017-03-17 00:59:00
Immunity Canvas: ETERNALBLUE
2017-03-17 00:59:00
threatpost
threatpost
PyRoMine Uses NSA Exploit for Monero Mining and Backdoors
2018-04-26 18:21:13
ShadowBrokers' Windows Zero-Days Already Patched
2017-04-17 14:06:34
Calypso APT Emerges from the Shadows to Target Governments
2019-10-31 18:55:02
thn
thn
Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities
2021-06-03 17:01:00
Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests
2017-08-11 04:55:00
WannaCry Ransomware: Everything You Need To Know Immediately
2017-05-15 05:11:00
qualysblog
qualysblog
The Shadow Brokers Release Zero Day Exploit Tools
2017-04-15 07:11:21
Emotet Re-emerges with Help from TrickBot
2022-01-06 14:05:53
The Rise of Ransomware
2021-10-05 12:50:00
rapid7blog
rapid7blog
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
2022-03-01 19:15:58
Metasploit Wrap-Up
2021-03-05 17:20:43
Open-Source Security: Getting to the Root of the Problem
2022-01-19 18:02:43
saint
saint
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
2021-11-03 00:00:00
Microsoft SMBv1 Server Remote Code Execution Vulnerability
2022-04-06 00:00:00
Microsoft SMBv1 Remote Code Execution Vulnerability
2022-02-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)
2017-05-16 00:00:00
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
2017-03-14 00:00:00
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)
2017-03-14 00:00:00
symantec
symantec
Microsoft Windows SMB Server CVE-2017-0148 Remote Code Execution Vulnerability
2017-03-14 00:00:00
Microsoft Windows SMB Server CVE-2017-0143 Remote Code Execution Vulnerability
2017-03-14 00:00:00
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability
2017-03-14 00:00:00
mscve
mscve
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
talosblog
talosblog
Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks
2017-05-22 15:14:00
malwarebytes
malwarebytes
Threat spotlight: the curious case of Ryuk ransomware
2019-12-12 22:33:53
How threat actors are using SMB vulnerabilities
2018-12-14 16:00:00
trellix
trellix
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
Connected Healthcare: A Cybersecurity Battlefield We Must Win
2022-06-06 00:00:00
myhack58
myhack58
The SMB vulnerability triggered“bloodshed”, far more than WannaCry-vulnerability warning-the black bar safety net
2017-05-23 00:00:00
carbonblack
carbonblack
CB TAU Technical Analysis: DLTMiner Campaign Targeting Corporations in Asia
2019-07-23 13:47:50
kitploit
kitploit
Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]
2017-07-22 20:30:00
avleonov
avleonov
Downloading entire Vulners.com database in 5 minutes
2017-08-09 17:49:03
Petya the Great and why *they* don’t patch vulnerabilities
2017-06-29 21:29:50
Is Vulnerability Management more about Vulnerabilities or Management?
2020-02-11 13:46:54
securelist
securelist
Bad Rabbit ransomware
2017-10-24 18:16:00
A mining multitool
2018-07-26 10:00:25
APT trends report Q2 2019
2019-08-01 10:00:05
fireeye
fireeye
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
2018-02-15 11:30:00
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
2018-02-15 16:30:00
ics
ics
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
2023-12-15 12:00:00
Philips Intellispace Portal ISP Vulnerabilities
2018-02-27 12:00:00
Baxter ExactaMix (Update A)
2020-07-28 12:00:00
nmap
nmap
smb-vuln-ms17-010 NSE Script
2017-05-27 07:57:34
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Cloud Pak System
2019-10-24 21:43:28
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
mssecure
mssecure
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
2021-07-29 19:00:59
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
2021-07-22 16:00:57

0.975 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:1361412562310810676
openvas2zdt8rapid7community10packetstorm7kaspersky3seebug2mskb11f51prion6cve6huawei1attackerkb5nessus2trendmicroblog5mmpc7canvas2threatpost11thn11qualysblog8rapid7blog3saint9cisa_kev6checkpoint_advisories6symantec6mscve6talosblog1malwarebytes2trellix4myhack581carbonblack1kitploit1avleonov4securelist3fireeye2ics4nmap1ibm1cisa1mssecure2