CVE-2018-1238 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-1238?

CVE-2018-1238 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1238?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Scaleio.

Vulnerability Description

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Emc Scaleio	< 2.5

Related Weaknesses (CWE)

CWE-78

References

http://seclists.org/fulldisclosure/2018/Mar/59Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2018/Mar/59Mailing ListThird Party Advisory

FAQ

What is CVE-2018-1238?

CVE-2018-1238 is a vulnerability with a CVSS score of 7.5 (HIGH). Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses sh...

How severe is CVE-2018-1238?

CVE-2018-1238 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1238?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Scaleio.