CVE-2017-14385
HIGH
EMC Data Domain DD OS 5.7-6.1 - Unauthenticated Remote Code Execution via SMBv1 Memory Overflow
Title source: llm
Description
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.
References (3)
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://seclists.org/fulldisclosure/2017/Dec/79
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040027
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102289
Scores
CVSS v3: 7.5
EPSS: 0.0915
EPSS Percentile: 92.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-119
Status: published
Products (5)
emc/data_domain: 2.0
emc/data_domain: 3.0 (2 CPE variants)
emc/data_domain: 3.1 update_2
emc/data_domain_os: 5.7 - 5.7.5.6
n/a/EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.
EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain D
Published: Dec 20, 2017
Tracked Since: Feb 18, 2026