Improper Authentication Handling in Dell EMC ScaleIO Management Component
CVE-2018-1237

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Scaleio
Vendor: CVE Published:; 27 March 2018

Summary

Dell EMC ScaleIO versions prior to 2.5 feature improper restrictions on authentication attempts within the Light Installation Agent (LIA). This component, essential for the centralized management of ScaleIO nodes, is present on every server in a ScaleIO cluster. A remote adversary with network access to the LIA can exploit this vulnerability to perform brute force attacks, potentially compromising user accounts by guessing usernames and passwords.

Affected Version(s)

ScaleIO versions prior to 2.5

References

http://seclists.org/fulldisclosure/2018/Mar/59

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Dec 6, 2017