Critical Vulnerabilities

SMB/CIFS CVE Database

Comprehensive database of SMB/CIFS vulnerabilities, exploits, and mitigation strategies. Stay informed about the latest security threats and attack vectors.

Critical CVEs: 4
High Severity: 1
Exploits Available: 5
Total CVEs: 5

Critical
CVE-2017-0144
Exploit Available
EternalBlue - SMB Remote Code Execution
A critical vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol that allows remote code execution. This vulnerability was exploited by the WannaCry ransomware and is considered one of the most dangerous SMB vulnerabilities.

Affected Versions

Windows Vista, 7, 8.1, 10, Server 2008, 2012, 2016

Severity Level

Critical

Critical
CVE-2020-0796
Exploit Available
SMBGhost - SMBv3 Compression RCE
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

Affected Versions

Windows 10 versions 1903, 1909, Server 2019

Severity Level

Critical

Critical
CVE-2008-4250
Exploit Available
MS08-067 - Server Service RPC Vulnerability
A remote code execution vulnerability exists in the Server service that could allow remote code execution if an affected system received a specially crafted RPC request. This vulnerability was exploited by the Conficker worm.

Affected Versions

Windows 2000, XP, Server 2003, Vista, Server 2008

Severity Level

Critical

Critical
CVE-2017-0143
Exploit Available
EternalRomance - SMB Remote Code Execution
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. It is part of the EternalBlue family of vulnerabilities.

Affected Versions

Windows Vista, 7, 8.1, 10, Server 2008, 2012, 2016

Severity Level

Critical

High
CVE-2021-31166
Exploit Available
HTTP.sys Remote Code Execution
A remote code execution vulnerability exists in the HTTP Protocol Stack (HTTP.sys) when HTTP.sys improperly handles objects in memory. While not directly SMB-related, it is often found in conjunction with SMB services.

Affected Versions

Windows 10, Server 2019, Server 2022

Severity Level

High

Additional Security Resources

MITRE ATT&CK
SMB/CIFS related tactics and techniques in the MITRE ATT&CK framework
NIST Database
National Vulnerability Database for comprehensive CVE information
Exploit Database
Searchable archive of exploits and vulnerable software