CVE-2017-0145

CVE Published 2017-03-17
Related CWE(s) CWE-20: Improper Input Validation
Related Vendor(s) microsoft, siemens
Related Product(s) versant_kpcr_sample_prep_firmware, versant_kpcr_molecular_system_firmware, acuson_p300_firmware, acuson_p500_firmware, acuson_sc2000_firmware, syngo_sc2000_firmware, acuson_x700_firmware, tissue_preparation_system_firmware, server_message_block
Exploitation Reported (CISA KEV) 2022-02-10
CVSS 3 Base Score 8.8 (HIGH)
CVSS 3 Attack Complexity LOW
CVSS 3 Attack Vector NETWORK

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

References