Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2017-0146

Disclosure Date: March 17, 2017 •

CVE-2017-0146 CVSS v3 Base Score: 8.8

Exploited in the Wild

Reported by AttackerKB Worker and 1 more...
View Source Details

Metasploit Module

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

SMB DOUBLEPULSAR Remote Code Execution

Description

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

microsoft,
siemens

Products

acuson p300 firmware 13.02,
acuson p300 firmware 13.03,
acuson p300 firmware 13.20,
acuson p300 firmware 13.21,
acuson p500 firmware va10,
acuson p500 firmware vb10,
acuson sc2000 firmware,
acuson sc2000 firmware 5.0a,
acuson x700 firmware 1.0,
acuson x700 firmware 1.1,
server message block 1.0,
syngo sc2000 firmware,
syngo sc2000 firmware 5.0a,
tissue preparation system firmware,
versant kpcr molecular system firmware,
versant kpcr sample prep firmware

Metasploit Modules

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/smb/ms17_010_command.rb)

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_psexec.rb)

SMB DOUBLEPULSAR Remote Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_doublepulsar_rce.rb)

MS17-010 SMB RCE Detection (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb)

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb)

Exploited in the Wild

Reported by:

AttackerKB Worker

Reported: September 25, 2020 8:38pm UTC (4 years ago)

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 28, 2022 4:53pm UTC (2 years ago)

References

Rapid7

Unknown

CVE-2017-0146

Unknown

Unknown

None

Low

Network

CVE-2017-0146

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2017-0146

Unknown

Unknown

None

Low

Network

CVE-2017-0146

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification