CVE-2017-0275 : Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vuln

Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.

Published 2017-05-12 14:29:06

Updated 2018-03-28 01:29:06

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2017-0275

Microsoft » Windows Server 2008 » Update SP2
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Update SP1
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-0275

EPSS FAQ

5.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0275

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-0275

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0275

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

Philips Intellispace Portal ISP Vulnerabilities | CISA

CVEs referencing this url
http://www.securityfocus.com/bid/98267

Microsoft Windows SMB Server CVE-2017-0275 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038432

Windows Server Message Block Unspecified Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0275

CVE-2017-0275 | Windows SMB Information Disclosure Vulnerability
Mitigation;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2017-0275

Products affected by CVE-2017-0275

Exploit prediction scoring system (EPSS) score for CVE-2017-0275

CVSS scores for CVE-2017-0275

CWE ids for CVE-2017-0275

References for CVE-2017-0275