Moderate
CVE-2017-5715
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2017-5715
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Add Assessment
Ratings
-
Attacker ValueMedium
-
ExploitabilityVery Low
Technical Analysis
I am submitting this information to AttackerKB based on recent news and activity about a cracked version of CANVAS v7.26 being distributed that can exploit CVE-2017-2015. As this vulnerability has recently passed 3 years since release with only some PoCs published, the recent activity is worth noting. The expectation is that an exploit will be in the wild in the near future.
There is a good writeup of the recent activity at https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/
VirusTotal hash is live at https://www.virustotal.com/gui/file/ecc0f2aa29b102bf8d67b7d7173e8698c0341ddfdf9757be17595460fbf1791a/detection
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- Intel Corporation
Products
- Microprocessors with Speculative Execution
References
Advisory
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Thanks, @pwsh!