ccondon-r7's comment on CVE-2017-5715 | AttackerKB

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Add Assessment

3

pwsh (4)

March 03, 2021 3:34pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

Medium

Exploitability

Very Low

Common in enterprise Difficult to patch Gives privileged access Requires elevated access

Technical Analysis

I am submitting this information to AttackerKB based on recent news and activity about a cracked version of CANVAS v7.26 being distributed that can exploit CVE-2017-2015. As this vulnerability has recently passed 3 years since release with only some PoCs published, the recent activity is worth noting. The expectation is that an exploit will be in the wild in the near future.

There is a good writeup of the recent activity at https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

VirusTotal hash is live at https://www.virustotal.com/gui/file/ecc0f2aa29b102bf8d67b7d7173e8698c0341ddfdf9757be17595460fbf1791a/detection

Log in to Add Reply

See More &1 replySee Less

2

ccondon-r7 (286) March 03, 2021 11:44pm UTC (4 years ago)•Edited 4 years ago

Thanks, @pwsh!

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.6 Medium

Impact Score:

4

Exploitability Score:

1.1

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

Products

References

Canonical

CVE-2017-5715 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715)

BID-102376 (http://www.securityfocus.com/bid/102376)

Advisory

http://nvidia.custhelp.com/app/answers/detail/a_id/4609

USN-3560-1 (https://usn.ubuntu.com/3560-1)

[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html)

DSA-4187 (https://www.debian.org/security/2018/dsa-4187)

USN-3542-2 (https://usn.ubuntu.com/3542-2)

GLSA-201810-06 (https://security.gentoo.org/glsa/201810-06)

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

USN-3540-2 (https://usn.ubuntu.com/3540-2)

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html)

USN-3597-1 (https://usn.ubuntu.com/3597-1)

[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://nvidia.custhelp.com/app/answers/detail/a_id/4611

DSA-4213 (https://www.debian.org/security/2018/dsa-4213)

https://cert.vde.com/en-us/advisories/vde-2018-002

DSA-4120 (https://www.debian.org/security/2018/dsa-4120)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html

USN-3580-1 (https://usn.ubuntu.com/3580-1)

https://support.f5.com/csp/article/K91229003

USN-3531-3 (https://usn.ubuntu.com/3531-3)

USN-3620-2 (https://usn.ubuntu.com/3620-2)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html

USN-3582-1 (https://usn.ubuntu.com/3582-1)

DSA-4188 (https://www.debian.org/security/2018/dsa-4188)

https://access.redhat.com/errata/RHSA-2018:0292

http://xenbits.xen.org/xsa/advisory-254.html

https://security.netapp.com/advisory/ntap-20180104-0001

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html

https://www.synology.com/support/security/Synology_SA_18_01

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

USN-3594-1 (https://usn.ubuntu.com/3594-1)

VU#584653 (http://www.kb.cert.org/vuls/id/584653)

VU#180049 (https://www.kb.cert.org/vuls/id/180049)

https://cert.vde.com/en-us/advisories/vde-2018-003

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html

USN-3690-1 (https://usn.ubuntu.com/3690-1)

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us

https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html

USN-3549-1 (https://usn.ubuntu.com/3549-1)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities

https://support.citrix.com/article/CTX231399

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

USN-3531-1 (https://usn.ubuntu.com/3531-1)

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html

USN-3581-1 (https://usn.ubuntu.com/3581-1)

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack

SECTRACK-1040071 (http://www.securitytracker.com/id/1040071)

[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html)

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

USN-3597-2 (https://usn.ubuntu.com/3597-2)

USN-3581-2 (https://usn.ubuntu.com/3581-2)

http://nvidia.custhelp.com/app/answers/detail/a_id/4614

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html

[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html)

20180104 CPU Side-Channel Information Disclosure Vulnerabilities (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel)

USN-3516-1 (https://usn.ubuntu.com/usn/usn-3516-1)

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

EXPLOIT-DB-43427 (https://www.exploit-db.com/exploits/43427)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html

USN-3541-2 (https://usn.ubuntu.com/3541-2)

https://support.lenovo.com/us/en/solutions/LEN-18282

USN-3777-3 (https://usn.ubuntu.com/3777-3)

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html

https://www.vmware.com/security/advisories/VMSA-2018-0007.html

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html

http://nvidia.custhelp.com/app/answers/detail/a_id/4613

USN-3561-1 (https://usn.ubuntu.com/3561-1)

USN-3582-2 (https://usn.ubuntu.com/3582-2)

20190624 [SECURITY] [DSA 4469-1] libvirt security update (https://seclists.org/bugtraq/2019/Jun/36)

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu (https://seclists.org/bugtraq/2019/Nov/16)

https://security.paloaltonetworks.com/CVE-2017-5715

[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update (https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html)

USN-3560-1 (https://usn.ubuntu.com/3560-1/)

USN-3542-2 (https://usn.ubuntu.com/3542-2/)

USN-3540-2 (https://usn.ubuntu.com/3540-2/)

USN-3597-1 (https://usn.ubuntu.com/3597-1/)

USN-3580-1 (https://usn.ubuntu.com/3580-1/)

USN-3531-3 (https://usn.ubuntu.com/3531-3/)

USN-3620-2 (https://usn.ubuntu.com/3620-2/)

USN-3582-1 (https://usn.ubuntu.com/3582-1/)

https://security.netapp.com/advisory/ntap-20180104-0001/

USN-3594-1 (https://usn.ubuntu.com/3594-1/)

USN-3690-1 (https://usn.ubuntu.com/3690-1/)

USN-3549-1 (https://usn.ubuntu.com/3549-1/)

https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/

USN-3531-1 (https://usn.ubuntu.com/3531-1/)

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

USN-3581-1 (https://usn.ubuntu.com/3581-1/)

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

USN-3597-2 (https://usn.ubuntu.com/3597-2/)

USN-3581-2 (https://usn.ubuntu.com/3581-2/)

USN-3516-1 (https://usn.ubuntu.com/usn/usn-3516-1/)

EXPLOIT-DB-43427 (https://www.exploit-db.com/exploits/43427/)

USN-3541-2 (https://usn.ubuntu.com/3541-2/)

USN-3777-3 (https://usn.ubuntu.com/3777-3/)

USN-3561-1 (https://usn.ubuntu.com/3561-1/)

USN-3582-2 (https://usn.ubuntu.com/3582-2/)

[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update (https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html)

Miscellaneous

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html

https://spectreattack.com

https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc

http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html

https://spectreattack.com/

Rapid7

Technical Analysis