Remote Code Execution Vulnerability in Dell EMC ScaleIO MDM Service
CVE-2018-1205

7.5HIGH

Key Information:

Vendor: Dell
Status: Scaleio
Vendor: CVE Published:; 27 March 2018

Summary

A vulnerability in Dell EMC ScaleIO affects versions prior to 2.5, where the MDM service inadequately processes certain packet data. This flaw enables remote attackers to send specially crafted packets to the MDM service, resulting in potential service crashes. Users are urged to upgrade to the latest version to mitigate the risk of this exploit affecting system stability and security.

Affected Version(s)

ScaleIO versions prior to 2.5

References

http://seclists.org/fulldisclosure/2018/Mar/59

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Dec 6, 2017