1. Home
  2. CVE Database
  3. CVE-2016-0917
CRITICAL · 9.8

CVE-2016-0917

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before...

Vulnerability Description

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
EmcVnx1 Oe Firmware-
EmcVnx2 Oe Firmware-
EmcVnxe Oe Firmware-
EmcVnx5200-
EmcVnx5400-
EmcVnx5600-
EmcVnx5800-
EmcVnxe1600-
EmcVnxe3100-
EmcVnxe3150-
EmcVnxe3200-
EmcVnxe3200 Hybrid-
EmcVnxe3300-

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2016-0917?

CVE-2016-0917 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before...

How severe is CVE-2016-0917?

CVE-2016-0917 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-0917?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Vnx1 Oe Firmware, Emc Vnx2 Oe Firmware, Emc Vnxe Oe Firmware, Emc Vnx5200, Emc Vnx5400.