First published: Wed Apr 18 2018
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
EMC ViPR Controller | >=3.0.0.39, <3.6.1.4 | |
CVE-2018-1240 is an information exposure vulnerability in Dell EMC ViPR Controller versions after 3.0.0.38.
CVE-2018-1240 allows a malicious user to obtain the cluster password in plaintext through multicast in Dell EMC ViPR Controller versions after 3.0.0.38.
CVE-2018-1240 has a severity level of high.
To fix CVE-2018-1240, upgrade Dell EMC ViPR Controller to a version equal to or higher than 3.6.1.4.
You can find more information about CVE-2018-1240 at the following link: [http://seclists.org/fulldisclosure/2018/Apr/29](http://seclists.org/fulldisclosure/2018/Apr/29)