|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-14385
|CWE ID|| CWE-119
|Public exploit||Not available|
EMC Data Domain
|Vulnerable software versions||
EMC Data Domain 6.1
EMC Data Domain 6.0.2
EMC Data Domain 6.0.1
|Vendor URL||EMC Corporation|
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious input. A remote attacker can send specially crafted SMB1 data, trigger memory corruption in the SMB1 handler, completely shut down both the SMB service and active directory authentication and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.Remediation
Update to version 18.104.22.168; 22.214.171.124, 126.96.36.199.External links