1. Home
  2. CVE Database
  3. CVE-2018-1240
HIGH · 8.0

CVE-2018-1240

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the...

Vulnerability Description

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
EmcVipr Controller>= 3.0.0.39, < 3.6.1.4

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2018-1240?

CVE-2018-1240 is a vulnerability with a CVSS score of 8.0 (HIGH). Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the...

How severe is CVE-2018-1240?

CVE-2018-1240 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1240?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Vipr Controller.