CVE-2017-0144
Published: 17 March 2017
Summary
CVE-2017-0144 is a high-severity vulnerability of an unspecified weakness type in Siemens Acuson P300 Firmware. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).
Deeper analysis
The vulnerability tracked as CVE-2017-0144 is a remote code execution flaw in the SMBv1 server implementation on multiple Microsoft Windows releases, specifically Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. It is triggered by specially crafted network packets and is distinct from the related SMB issues assigned CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. The flaw received a CVSS 3.1 base score of 8.8, reflecting network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.
Remote attackers who can reach an affected SMBv1 service are able to leverage the weakness to execute arbitrary code on the target system. The provided CVSS vector indicates that valid low-privileged credentials are required, after which an attacker can obtain full control equivalent to the privileges of the SMB service.
Public references associate the vulnerability with DOUBLEPULSAR, a kernel-level payload and backdoor that has been discussed in exploit artifacts and neutralization guidance, confirming active interest in both offensive and defensive tooling around this class of SMBv1 issues.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0511
Vulnerability details
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
- CWE(s)
- KEV Date Added: 10 February 2022
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates by disabling SMBv1, eliminating the vulnerable service that accepts crafted packets for RCE.
- Requires timely application of Microsoft patches that close the SMBv1 remote code execution flaw before exploitation.
- Enforces boundary rules that block or restrict inbound SMB traffic (TCP 445) from untrusted networks, preventing packet delivery to the vulnerable service.
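
The SMBv1 and TCP 445 controls above can be checked on a host with a read-only audit. The following PowerShell is an added example, not code from this page or from Microsoft; the function name `Get-Smb1Exposure` is hypothetical, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: read-only audit of SMBv1 server state and inbound TCP 445 rules.
# Get-Smb1Exposure is a hypothetical name; nothing on the host is changed.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param()

    # 1. Is the SMBv1 server enabled? Windows 8.1 / Server 2012 and later expose
    #    this through Get-SmbServerConfiguration; older releases use the
    #    LanmanServer registry value, where a missing value means SMBv1 is on.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }

    # 2. Which enabled inbound allow rules cover TCP 445, and from which sources?
    $rules = @()
    if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
        $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
            ForEach-Object {
                $port = $_ | Get-NetFirewallPortFilter
                $tcp  = 'TCP', 'Any' -contains $port.Protocol
                # Port ranges such as '400-500' are not expanded in this example.
                $p445 = ($port.LocalPort -contains '445') -or ($port.LocalPort -contains 'Any')
                if ($tcp -and $p445) {
                    $addr = $_ | Get-NetFirewallAddressFilter
                    [pscustomobject]@{
                        Rule          = $_.DisplayName
                        Profile       = $_.Profile
                        RemoteAddress = $addr.RemoteAddress -join ','
                    }
                }
            }
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Smb1Server     = $smb1Enabled
        Inbound445     = @($rules)
        # True when at least one matching rule accepts traffic from any source.
        ReachableByAny = [bool](@($rules) | Where-Object { $_.RemoteAddress -match 'Any' })
    }
}

Get-Smb1Exposure | Format-List
```

A host reporting `Smb1Server = True` together with `ReachableByAny = True` is the combination the controls above are meant to remove.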