CVE-2017-0143
Published: 17 March 2017
Summary
CVE-2017-0143 is a high-severity vulnerability, with no weakness type specified, in Siemens Acuson P300 Firmware. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).
Deeper analysis
The vulnerability CVE-2017-0143 resides in the SMBv1 server implementation across multiple Microsoft Windows releases, specifically Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. It is triggered by specially crafted network packets that result in remote code execution and is distinct from the related issues tracked as CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
An unauthenticated remote attacker with network connectivity to an affected SMBv1 endpoint can send malicious packets to execute arbitrary code, obtaining the same privileges as the SMB service and thereby enabling full system compromise.
Public references such as the Siemens SSA-701903 advisory and entries on SecurityFocus and SecurityTracker outline vendor guidance and patch availability for the affected platforms, while PacketStorm disclosures describe neutralization techniques for associated DOUBLEPULSAR payloads.
The listed references further document publicly available exploit code and payload execution artifacts tied to this SMBv1 flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0510
Vulnerability details
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Disabling SMBv1 (an unnecessary and legacy protocol) directly removes the vulnerable server component that accepts crafted packets for RCE.
Applying the vendor patches for CVE-2017-0143 eliminates the SMBv1 flaw before an unauthenticated attacker can send exploit packets.
Boundary protection (e.g., firewalls or network segmentation) blocks external SMB traffic to affected hosts, preventing remote unauthenticated access to the vulnerable endpoint.
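An added example (not part of the original page) of checking the first and third controls on a single Windows host: a read-only PowerShell audit that reports whether the SMBv1 server is enabled and which enabled inbound firewall rules allow TCP 445. The function names are hypothetical, and the script assumes it is run from an elevated prompt.

```powershell
# Added example: audit one Windows host for the SMBv1 server and inbound SMB exposure.
# Function names are hypothetical; the cmdlets and the registry value are standard Windows ones.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SmbShare module.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        return New-Object PSObject -Property @{ Source = 'SmbServerConfiguration'; Smb1Enabled = $enabled }
    }
    # Vista / 7 / Server 2008 (R2): the LanmanServer "SMB1" registry value controls the server.
    # A missing value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $enabled = ($null -eq $val) -or ($val -ne 0)
    New-Object PSObject -Property @{ Source = 'Registry'; Smb1Enabled = $enabled }
}

function Get-InboundSmbAllowRule {
    # Enabled inbound allow rules whose port filter names TCP 445 explicitly.
    # Rules with LocalPort 'Any' or a port range are not matched by this check.
    if (-not (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue)) { return @() }
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            ($pf.Protocol -eq 'TCP') -and ($pf.LocalPort -contains '445')
        } |
        Select-Object DisplayName, Profile
}

$smb1  = Get-Smb1ServerState
$rules = @(Get-InboundSmbAllowRule)

"SMBv1 server enabled: $($smb1.Smb1Enabled) (source: $($smb1.Source))"
"Enabled inbound allow rules naming TCP/445: $($rules.Count)"
$rules | Format-Table -AutoSize

if ($smb1.Smb1Enabled) {
    # Remediation is left commented out so the script stays read-only.
    # Windows 8 / Server 2012 and later:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Windows 7 / Server 2008 R2 (restart required), same registry key as above:
    #   Set-ItemProperty -Path $key -Name SMB1 -Type DWORD -Value 0 -Force
    Write-Warning 'SMBv1 server is enabled; disable it and apply the vendor patch for CVE-2017-0143.'
}
```

A host that reports the SMBv1 server as disabled still needs the vendor patch, and any rule listed here should be reviewed against the segmentation policy at the network boundary.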