⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-08-10.

CVE-2017-0145Improper Input Validation in Corporation Windows SMB

CWE-20Improper Input Validation37 documents13 sources
Severity
8.8HIGHNVD
NVD8.1
EPSS
93.3%
top 0.19%
CISA KEV
KEVRansomware
Added 2022-02-10
Due 2022-08-10
Exploit
Exploited in wild
Active exploitation observed
Affected products
21
Siemens Acuson Sc2000 FirmwareSiemens Syngo Sc2000 FirmwareMicrosoft Corporation Windows SMB+18 more
Timeline
PublishedMar 17
KEV addedFeb 10
KEV dueAug 10
Latest updateSep 4
CISA Required Action: Apply updates per vendor instructions.

Description

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages21 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

6
GHSA
GHSA-fqgw-29m3-pwh5: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14
GHSA
GHSA-3c3r-82gp-wc94: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14
GHSA
GHSA-8w56-gqrj-2wfg: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14
GHSA
GHSA-jxmr-j43h-4x9p: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14
GHSA
GHSA-mfj7-24mx-p6qj: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14

💥Exploits & PoCs

6
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)2019-10-02
Exploit-DB
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)2017-05-10
Exploit-DB
Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)2017-04-17
Metasploit
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Metasploit
MS17-010 SMB RCE Detection

📋Vendor Advisories

2
CISA
Microsoft SMBv1 Remote Code Execution Vulnerability2022-02-10
Microsoft
Windows SMB Remote Code Execution Vulnerability2017-03-14

🕵️Threat Intelligence

17
Qualys
Top 20 Vulnerabilities Exploited by Cyber Attackers | Qualys2023-09-04
Qualys
Qualys Top 20 Most Exploited Vulnerabilities2023-09-04
Qualys
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)2023-07-18
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys2022-02-23
Qualys
The Rise of Ransomware2021-10-05

📄Research Papers

1
arXiv
Evaluating the Performance of Twitter-based Exploit Detectors2020-11-05
CVE-2017-0145 — Improper Input Validation | cvebase