CVE-2017-0147
Published: 17 March 2017
Summary
CVE-2017-0147 is a high-severity information disclosure vulnerability in the SMBv1 server of Microsoft Windows; Siemens Acuson P300 firmware is also listed as affected (Siemens advisory SSA-701903). Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an information disclosure flaw in the SMBv1 server component of Microsoft Windows, affecting Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. A remote attacker who sends specially crafted SMBv1 packets can read the contents of the SMB server's process memory, which is what the CVSS 7.5 rating reflects: network-accessible confidentiality impact with no authentication required.
Exploitation needs no user interaction and no privileges: an unauthenticated attacker with network access to TCP/445 transmits crafted SMBv1 packets and receives memory contents back. The leaked memory can contain credentials, key material, or other process data, and in practice this class of leak is used to defeat mitigations and stage further SMB attacks (the same MS17-010 family of flaws behind the DOUBLEPULSAR implant).
The references cited for the issue (SecurityFocus, SecurityTracker, Siemens SSA-701903, and PacketStorm analyses of DOUBLEPULSAR payload execution and SMB remote code execution) point to advisories and detection or neutralization techniques for the related SMB threats; the sources themselves do not enumerate patch or mitigation details. The fix for CVE-2017-0147 shipped in Microsoft Security Bulletin MS17-010 (March 2017).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0514
Vulnerability details
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
- CWE(s): not listed
- KEV Date Added: 24 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- CM-7 (Least Functionality): Disabling SMBv1, a legacy protocol that modern Windows clients do not need, removes the attack surface reached by the crafted packets, so a host that no longer speaks SMBv1 cannot be made to leak process memory this way.
- SI-2 (Flaw Remediation): Applying the vendor patch for CVE-2017-0147 (Microsoft Security Bulletin MS17-010, March 2017, or any later cumulative update that supersedes it) removes the memory-disclosure flaw from the SMBv1 server implementation; Siemens SSA-701903 covers the patch status of the affected Siemens products.
- SC-7 (Boundary Protection): Boundary-protection devices and host firewalls can block or restrict unauthenticated SMB traffic (TCP/445) so that it never reaches the vulnerable Windows hosts from untrusted networks, which also limits exposure on hosts that cannot yet be patched.
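As an added example (not code from the original page, Microsoft or Siemens), the PowerShell below applies the three controls on a Windows host and gives the checks that go with the analysis above: it audits which clients still negotiate SMBv1 before the protocol is removed, disables SMBv1 (CM-7), scopes inbound TCP/445 to trusted networks (SC-7) and looks for the MS17-010 update (SI-2). The `$TrustedSubnets` default and the `$Ms17010Kbs` list are assumptions to replace with your own management ranges and the KB IDs for your build; the `Smb*` and `NetFirewall*` cmdlets need Windows 8.1 / Server 2012 R2 or later, and SMB1 access auditing needs Windows 10 / Server 2016 or later, so the registry alternative is shown for older releases.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, remediate and verify SMBv1 exposure (CVE-2017-0147 / MS17-010).

# Assumption: KB IDs for MS17-010 on the target build. The two below are the
# Windows 7 SP1 / Server 2008 R2 SP1 security-only and monthly-rollup packages;
# take the right ones for other releases from the MS17-010 bulletin.
$Ms17010Kbs = @('KB4012212', 'KB4012215')

function Get-Smb1Status {
    # Current state of the SMBv1 server, both from the SMB cmdlets and from the
    # LanmanServer registry value that every release honours (missing or 1 = enabled, 0 = disabled).
    $cfg = Get-SmbServerConfiguration
    $reg = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1Enabled    = $cfg.EnableSMB1Protocol
        Smb1AuditingOn = $cfg.AuditSmb1Access
        RegistrySmb1   = if ($null -eq $reg) { 'not set (enabled)' } else { $reg.SMB1 }
    }
}

function Enable-Smb1Audit {
    # Step 1, before removing the protocol: log every SMB1 session (Windows 10 / Server 2016+)
    # so legacy clients that would break can be found first.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Get-Smb1Clients {
    # Event ID 3000 in the SMBServer Audit log is written once per client that negotiated SMB1.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Message } | Sort-Object -Unique
}

function Disable-Smb1 {
    # CM-7: turn the SMBv1 server off, then remove the feature so it cannot be re-enabled by accident.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Registry equivalent for Windows 7 / Server 2008 R2, which lack the Smb* cmdlets.
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Type DWord -Value 0 -Force
    if (Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue) {
        Uninstall-WindowsFeature -Name FS-SMB1            # Server SKUs
    } else {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart   # client SKUs
    }
    # A reboot is required before the feature removal takes effect.
}

function Restrict-SmbInbound {
    # SC-7: keep the default inbound action at Block and scope the built-in SMB allow rule
    # to trusted ranges. Assumption: replace the default with your management subnets.
    param([string[]]$TrustedSubnets = @('10.0.0.0/8'))
    Set-NetFirewallProfile -All -DefaultInboundAction Block
    Set-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -RemoteAddress $TrustedSubnets
}

function Test-Ms17010Installed {
    # SI-2: true if any of the listed KBs is present. Caveat: later cumulative or monthly
    # rollup updates supersede these packages and Get-HotFix then shows only the newer KB,
    # so a $false on a fully patched host is a prompt to check update history, not a finding.
    param([string[]]$KbIds = $Ms17010Kbs)
    $found = Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue
    [bool]$found
}

# Typical order on a host that still serves SMB1:
Get-Smb1Status
Enable-Smb1Audit        # leave running for a while, then review Get-Smb1Clients
Get-Smb1Clients
Disable-Smb1
Restrict-SmbInbound -TrustedSubnets @('10.0.0.0/8', '192.168.10.0/24')
Test-Ms17010Installed
```

Run the audit step first and give it time to observe a normal business cycle; disabling SMBv1 on a file server that an old scanner or embedded device (the Acuson P300 case is exactly this kind of fixed-function host) still depends on turns a security fix into an outage, which is why the firewall scoping is the fallback for hosts that cannot be changed.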