Vulnerability Description
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| EMC | Data Domain | 2.0 |
| EMC | Data Domain OS | >= 5.7, < 5.7.5.6 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Dec/79 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/102289 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040027 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-14385?
CVE-2017-14385 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to...
How severe is CVE-2017-14385?
CVE-2017-14385 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-14385?
Check the references section above for vendor advisories and patch information. Affected products include: EMC Data Domain, EMC Data Domain OS.