8.8 CVE-2017-0144

CISA Kev Catalog Used by Malware Used by Ransomware Used by Malware Patch Exploit

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
https://nvd.nist.gov/vuln/detail/CVE-2017-0144

References

secure@microsoft.com Patch Exploit

http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne... Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec... Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96704 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037991 Broken Link Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Third Party Advisory US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144 Patch Vendor Advisory
https://www.exploit-db.com/exploits/41891/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41987/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42030/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42031/ Exploit Third Party Advisory VDB Entry

CPE

cpe	start	end
Configuration 1
AND
cpe:2.3:a:microsoft:server_message_block:1.0:::::::*
Running on/with
cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
cpe:2.3:o:microsoft:windows_7:-:sp1::::::
cpe:2.3:o:microsoft:windows_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
Configuration 2
AND
cpe:2.3:o:siemens:acuson_p300_firmware:13.02:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.03:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.20:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.21:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p300:-:::::::*
Configuration 3
AND
cpe:2.3:o:siemens:acuson_p500_firmware:va10:::::::*
cpe:2.3:o:siemens:acuson_p500_firmware:vb10:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p500:-:::::::*
Configuration 4
AND
cpe:2.3:o:siemens:acuson_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:acuson_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_sc2000:-:::::::*
Configuration 5
AND
cpe:2.3:o:siemens:acuson_x700_firmware:1.0:::::::*
cpe:2.3:o:siemens:acuson_x700_firmware:1.1:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_x700:-:::::::*
Configuration 6
AND
cpe:2.3:o:siemens:syngo_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:syngo_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:syngo_sc2000:-:::::::*
Configuration 7
AND
cpe:2.3:o:siemens:tissue_preparation_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:tissue_preparation_system:-:::::::*
Configuration 8
AND
cpe:2.3:o:siemens:versant_kpcr_molecular_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_molecular_system:-:::::::*
Configuration 9
AND
cpe:2.3:o:siemens:versant_kpcr_sample_prep_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_sample_prep:-:::::::*

REMEDIATION

Patch

Url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144

EXPLOITS

Exploit-db.com

id	description	date
42031	Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)	2017-05-19
42315	Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)	2017-07-11
42030	Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)	2017-05-19

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne...
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec...
https://www.exploit-db.com/exploits/41891/
https://www.exploit-db.com/exploits/41987/
https://www.exploit-db.com/exploits/42030/
https://www.exploit-db.com/exploits/42031/

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee

Impact

Score : 8.8 HIGH

EPSS : 96.3%

Vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AttackVector : NETWORK
AttackComplexity : LOW
PrivilegesRequired : LOW
UserInteraction : NONE
Scope : UNCHANGED
Confidentiality : HIGH
Integrity : HIGH
Availability : HIGH

Warning: vulnerability used by one or more Ransomwares :

Wannacry
Petya

Warning: vulnerability used by one or more Malwares :

Publication date : 17 Mars 2017

Date modified : 24 Juillet 2024