Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5753

CWE-203 CWE-226 CWE-385 CWE-200 — Information Exposure50 documents17 sources

Severity

5.6MEDIUM

EPSS

94.3%

top 0.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Siemens Simatic Itc1500 Firmware Siemens Simatic Itc1500 PRO Firmware Siemens Simatic Itc1900 Firmware +42 more

Timeline

PublishedJan 4

Latest updateMar 15

Description

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages52 packages

▶NVDoracle/local_service_management_system13.1, 13.2, 13.3+2

▶CVEListV5intel_corporation/most_modern_operating_systemsAll

▶NVDvmware/fusion8.0.0 — 8.5.9

▶NVDvmware/workstation12.0.0 — 12.5.8

▶NVDsynology/router_manager1.1 — 1.1.7-6941-1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.04, 17.10

Patches

Patch: www.oracle.com ↗Patch: portal.msrc.microsoft.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

linux-hwe vulnerabilities↗2018-03-15

▶

OSV

linux-kvm vulnerabilities↗2018-01-29

▶

OSV

linux, linux-aws, linux-euclid vulnerabilities↗2018-01-23

▶

OSV

linux vulnerabilities↗2018-01-23

▶

Kernel

Merge branch 'kvm-insert-lfence'↗2018-01-16

▶

💥Exploits & PoCs

Exploit-DB

Multiple CPUs - 'Spectre' Information Disclosure↗2018-01-03

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Spectre PoC Download In Progress↗2018-01-10

▶

Suricata

ET WEB_CLIENT Spectre Exploit Javascript↗2018-01-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2018-03-15

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-03-15

▶

Ubuntu

Linux kernel vulnerabilities↗2018-02-22

▶

Ubuntu

Linux kernel (KVM) vulnerabilities↗2018-01-29

▶

Ubuntu

Linux kernel vulnerabilities↗2018-01-23

▶

🕵️Threat Intelligence

Fortinet

Meltdown/Spectre Update↗2018-01-30

▶

Qualys

Processor Vulnerabilities – Meltdown and Spectre↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Sentinelone

SentinelOne is Compatible with “Meltdown” and “Spectre” Fixes↗2018-01-04

▶

Qualys

Processor Vulnerabilities - Meltdown and Spectre | Qualys↗2018-01-04

▶

💬Community

Bugzilla

firefox: mitigations against spectre via javascript↗2018-01-08

▶

Bugzilla

CVE-2017-5753 kernel: hw: cpu: speculative execution bounds-check bypass [fedora-all]↗2018-01-03

▶

Bugzilla

CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass↗2017-12-01

▶