CVE-2017-14385 Information

Description

An issue was discovered in EMC Data Domain DD OS 5.7 family versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family all versions; EMC Data Domain Virtual Edition 3.0 family versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://seclists.org/fulldisclosure/2017/Dec/79 http://www.securityfocus.com/bid/102289 http://www.securitytracker.com/id/1040027

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5