Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:82F36111B57FF47CFC3AFF3E4F8E86A4
HistoryMar 15, 2018 - 12:00 a.m.

Windows SMBv1 Transaction race condition

2018-03-1500:00:00
SAINT Corporation
download.saintcorporation.com
112

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Added: 03/15/2018
CVE: CVE-2017-0146
BID: 96707

Background

Server Message Block (SMB) is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions.

Problem

A race condition when handling Transaction requests, combined with type confusion between WriteAndX and Transaction requests, allows remote attackers to overwrite the connection session information with an Administrator session, leading to command execution.

Resolution

Apply the patch referenced in MS17-010, or disable SMBv1.

References

<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx&gt;

Limitations

Exploit works on Windows Vista through Windows 10. The target must allow anonymous access to the **netlogon** named pipe in order to succeed.

Due to the nature of the vulnerability, the success of this exploit may depend on the target’s state. Success is more likely after the target is rebooted.

Platforms

Windows

Related

saint 2
seebug 2
mscve 1
checkpoint_advisories 1
cisa_kev 1
symantec 1
openvas 3
canvas 1
zdt 6
packetstorm 5
threatpost 1
qualysblog 1
trendmicroblog 3
attackerkb 4
prion 5
cve 5
huawei 1
f5 1
rapid7community 8
mskb 11
kaspersky 3
nessus 2
rapid7blog 1
ics 1
saint
saint
Windows SMBv1 Transaction race condition
2018-03-15 00:00:00
Windows SMBv1 Transaction race condition
2018-03-15 00:00:00
seebug
seebug
EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146)
2017-04-17 00:00:00
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
2017-04-15 00:00:00
mscve
mscve
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)
2017-03-14 00:00:00
cisa_kev
cisa_kev
Microsoft Windows SMB Remote Code Execution Vulnerability
2022-03-25 00:00:00
symantec
symantec
Microsoft Windows SMB Server CVE-2017-0146 Remote Code Execution Vulnerability
2017-03-14 00:00:00
openvas
openvas
Double Pulsar Infection Detect
2017-04-18 00:00:00
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
2017-03-22 00:00:00
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
2017-03-15 00:00:00
canvas
canvas
Immunity Canvas: MS17_010
2017-03-17 00:59:00
zdt
zdt
Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi
2018-02-03 00:00:00
Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit
2017-05-17 00:00:00
Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit
2017-04-17 00:00:00
packetstorm
packetstorm
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
2018-02-03 00:00:00
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
2017-05-17 00:00:00
SMB DOUBLEPULSAR Remote Code Execution
2020-02-04 00:00:00
threatpost
threatpost
ShadowBrokers' Windows Zero-Days Already Patched
2017-04-17 14:06:34
qualysblog
qualysblog
The Shadow Brokers Release Zero Day Exploit Tools
2017-04-15 07:11:21
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 26, 2017
2017-06-30 12:00:57
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017
2017-05-19 12:00:15
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 17, 2017
2017-04-21 18:23:45
attackerkb
attackerkb
CVE-2017-0146
2017-03-17 00:00:00
CVE-2017-0148
2017-03-17 00:00:00
CVE-2017-0144 (MS17-010)
2017-03-17 00:00:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
cve
cve
CVE-2017-0145
2017-03-17 00:59:00
CVE-2017-0144
2017-03-17 00:59:00
CVE-2017-0143
2017-03-17 00:59:00
huawei
huawei
Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems
2017-05-13 00:00:00
f5
f5
K57181937 : Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities
2017-05-16 00:00:00
rapid7community
rapid7community
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
2017-08-03 16:56:04
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
2017-05-24 23:14:26
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
2017-05-15 18:25:42
mskb
mskb
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
2017-03-14 07:00:00
MS17-010: Security update for Windows SMB Server: March 14, 2017
2017-03-14 00:00:00
March 2017 Security Only Quality Update for Windows Server 2012
2017-03-14 07:00:00
kaspersky
kaspersky
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
2017-03-14 00:00:00
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
2017-03-14 00:00:00
KLA10979 Multiple vulnerabilities in Microsoft Windows
2017-03-14 00:00:00
nessus
nessus
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)
2017-03-15 00:00:00
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)
2017-03-20 00:00:00
rapid7blog
rapid7blog
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
2022-03-01 19:15:58
ics
ics
Philips Intellispace Portal ISP Vulnerabilities
2018-02-27 12:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:82F36111B57FF47CFC3AFF3E4F8E86A4
saint2seebug2mscve1checkpoint_advisories1cisa_kev1symantec1openvas3canvas1zdt6packetstorm5threatpost1qualysblog1trendmicroblog3attackerkb4prion5cve5huawei1f51rapid7community8mskb11kaspersky3nessus2rapid7blog1ics1