CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1237

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile32.21th
Published2018年3月27日
Last Modified2024年11月21日

Vulnerability Description

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

Affected Platforms (CPE)

📦
Dell

Emc Scaleio

< 2.5

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Mar/59
🔗 http://seclists.org/fulldisclosure/2018/Mar/59

相关漏洞威胁

CVE-2017-80209.8

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote...

CVE-2016-98678.8

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel m...

CVE-2017-80018.4

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the Sc...

CVE-2018-12057.5

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacke...