What is the severity of CVE-2018-1281?

CVE-2018-1281 is considered a high severity vulnerability due to its potential for exposing applications to unauthorized access.

How do I fix CVE-2018-1281?

To fix CVE-2018-1281, upgrade Apache MXNet to version 1.0.0 or newer to ensure it listens only on specified IP addresses.

Who is affected by CVE-2018-1281?

CVE-2018-1281 affects users of Apache MXNet versions older than 1.0.0 who deploy the framework in a clustered setup.

What impact can CVE-2018-1281 have on my application?

The impact of CVE-2018-1281 can lead to unauthorized access if the scheduler is exposed to untrusted networks.

What should I do if I cannot upgrade to fix CVE-2018-1281?

If you cannot upgrade to fix CVE-2018-1281, consider implementing firewall rules to restrict access to the scheduler's IP and port.

Vulnerability/
CVE-2018-1281

medium

6.5

CWE

200

8/6/2018

17/9/2024

CVE-2018-1281: Infoleak

First published: Fri Jun 08 2018(Updated: )

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache MXNet	<1.0.0

Remedy

https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea

Never miss a vulnerability like this again

Reference Links

https://github.com/dmlc/ps-lite/commit/4be817e8b03e7e92517e91f2dfcc50865e91c6ea

Frequently Asked Questions

What is the severity of CVE-2018-1281?
CVE-2018-1281 is considered a high severity vulnerability due to its potential for exposing applications to unauthorized access.
How do I fix CVE-2018-1281?
To fix CVE-2018-1281, upgrade Apache MXNet to version 1.0.0 or newer to ensure it listens only on specified IP addresses.
Who is affected by CVE-2018-1281?
CVE-2018-1281 affects users of Apache MXNet versions older than 1.0.0 who deploy the framework in a clustered setup.
What impact can CVE-2018-1281 have on my application?
The impact of CVE-2018-1281 can lead to unauthorized access if the scheduler is exposed to untrusted networks.
What should I do if I cannot upgrade to fix CVE-2018-1281?
If you cannot upgrade to fix CVE-2018-1281, consider implementing firewall rules to restrict access to the scheduler's IP and port.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/event
agent/description
agent/tags
agent/first-publish-date
agent/source
vendor/apache
canonical/apache mxnet

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.