CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1237

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile32.21th
PublishedMar 27, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

Affected Platforms (CPE)

📦
Dell

Emc Scaleio

< 2.5

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Mar/59
🔗 http://seclists.org/fulldisclosure/2018/Mar/59

Related Vulnerabilities

CVE-2017-80209.8

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote...

CVE-2016-98678.8

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel m...

CVE-2017-80018.4

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the Sc...

CVE-2018-12057.5

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacke...