CVE-2017-0148

17.03.2017, 00:59

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
microsoft	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
microsoft	server_message_block	1.0
siemens	acuson_p300_firmware	13.02
siemens	acuson_p300_firmware	13.03
siemens	acuson_p300_firmware	13.20
siemens	acuson_p300_firmware	13.21
siemens	acuson_sc2000_firmware	4.0 ≤ 𝑥 < 4.0e
siemens	acuson_sc2000_firmware	5.0a:a
siemens	acuson_x700_firmware	1.0
siemens	acuson_x700_firmware	1.1
siemens	syngo_sc2000_firmware	4.0 ≤ 𝑥 ≤ 4.0e
siemens	syngo_sc2000_firmware	5.0a:a
siemens	tissue_preparation_system_firmware	*
siemens	versant_kpcr_molecular_system_firmware	*
siemens	versant_kpcr_sample_prep_firmware	*