First published: Tue Mar 27 2018
Dell EMC ScaleIO versions prior to 2.5 contain an improper restriction of excessive authentication attempts on the Light Installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user with network access to the LIA could potentially exploit this vulnerability to brute-force the user names and passwords of user accounts on the LIA.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC ScaleIO | <2.5 | |
CVE-2018-1237 has been classified as a high severity vulnerability due to the risk of unauthorized access from excessive authentication attempts.
To fix CVE-2018-1237, update to Dell EMC ScaleIO version 2.5 or later, which addresses the authentication issue.
The potential impacts of CVE-2018-1237 include unauthorized access to the ScaleIO management capabilities, leading to compromised security.
CVE-2018-1237 affects all users of Dell EMC ScaleIO versions prior to 2.5 that utilize the Light Installation Agent.
There are no official workarounds for CVE-2018-1237, and upgrading to the latest version is strongly recommended.