Command Injection in Dell EMC ScaleIO Light Installation Agent
CVE-2018-1238

7.5HIGH

Key Information:

Vendor: Dell
Status: Scaleio
Vendor: CVE Published:; 27 March 2018

Summary

The Light Installation Agent (LIA) in Dell EMC ScaleIO versions prior to 2.5 is susceptible to a command injection vulnerability. This flaw allows remote attackers, possessing network access to the LIA and the administrative password, to execute arbitrary commands as root on systems where the LIA is installed. Properly safeguarding administrative credentials and applying urgent software updates can help mitigate the risks associated with this vulnerability.

Affected Version(s)

ScaleIO versions prior to 2.5

References

http://seclists.org/fulldisclosure/2018/Mar/59

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Dec 6, 2017