CVE-2018-1238

7.5HIGH

Key Information:

Vendor: Dell
Status: Scaleio
Vendor: CVE Published:; 27 March 2018

Summary

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.

Affected Version(s)

ScaleIO versions prior to 2.5

References

http://seclists.org/fulldisclosure/2018/Mar/59

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Dec 6, 2017