7.5
CVE-2017-0147
- EPSS 99.69%
- Veröffentlicht 17.03.2017 00:59:04
- Zuletzt bearbeitet 22.04.2026 13:50:27
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1507 Version-
Microsoft ≫ Windows 10 1511 Version-
Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Server 2016 Version-
Microsoft ≫ Windows Vista Version- Updatesp2
Siemens ≫ Acuson P300 Firmware Version13.02
Siemens ≫ Acuson P300 Firmware Version13.03
Siemens ≫ Acuson P300 Firmware Version13.20
Siemens ≫ Acuson P300 Firmware Version13.21
Siemens ≫ Acuson P500 Firmware Versionva10
Siemens ≫ Acuson P500 Firmware Versionvb10
Siemens ≫ Acuson Sc2000 Firmware Version >= 4.0 < 4.0e
Siemens ≫ Acuson Sc2000 Firmware Version5.0a
Siemens ≫ Acuson X700 Firmware Version1.0
Siemens ≫ Acuson X700 Firmware Version1.1
Siemens ≫ Syngo Sc2000 Firmware Version >= 4.0 < 4.0e
Siemens ≫ Syngo Sc2000 Firmware Version5.0a
24.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows SMBv1 Information Disclosure Vulnerability
SchwachstelleThe SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 99.69% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html
http://www.securitytracker.com/id/1037991
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf
https://www.exploit-db.com/exploits/41891/
https://www.exploit-db.com/exploits/41987/
https://www.exploit-db.com/exploits/43970/
http://www.securityfocus.com/bid/96709
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0147