CVE-2017-14385

Published Dec 20, 2017

Last updated 21 days ago

CVSS high 7.5

Overview

Description: An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.
Source: security_alert@emc.com
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emc:data_domain:2.0:*:*:*:virtual:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5EFDEC-E166-42F7-938D-7CBC49B5D361"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain:3.0:*:*:*:virtual:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7A08866-1116-44F9-BF45-61E70A87E81E"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain:3.0:sp2:*:*:virtual:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE9E614-362E-438F-A152-E68E658D499B"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain:3.1:update_2:*:*:virtual:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AA14F6E-2C1E-41AF-A45A-150F43D33F80"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDDB5769-1D52-4AAC-8868-39B87BEDE34D",
            "versionEndExcluding": "5.7.5.6",
            "versionStartIncluding": "5.7"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3321CCE6-9D7F-47CC-AD21-C7D97C39F1EC",
            "versionEndExcluding": "6.0.2.9",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:o:emc:data_domain_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F96D132F-05B7-4126-83A6-42A63AE3FA34",
            "versionEndExcluding": "6.1.0.21",
            "versionStartIncluding": "6.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References