CVE-2017-14385

Published: 20/12/2017 Updated: 12/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in EMC Data Domain DD OS 5.7 family, versions before 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions before 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions before 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions before 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions before 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.

Vulnerable Product

emc data domain os

emc data domain 3.1

emc data domain 3.0

emc data domain 2.0

Recent Articles

EMC admin? Plug this hole before the holidays
The Register • Richard Chirgwin • 21 Dec 2017

Because we haven't yet fired SMBv1 into the Sun

Dell EMC has patched an SMBv1 bug in its Data Domain Deduplication and Data Protection software. It's probably worth your time running the patch in, if you can, because as the advisory explained, it's a memory overflow that could open a system to remote code execution (RCE). CVE-2017-14385 affects quite a few versions of the system: the Data Domain DD OS 5.7 family prior to 5.7.5.6; 6.0 versions prior to 6.0.2.9; 6.1 versions prior to 6.1.0.21; all versions of Data Domain Virtual Edition in 2.0,...