CVE-2018-1237
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.
Dell EMC ScaleIO, en versiones anteriores a la 2.5, contiene una restricción incorrecta de intentos de autenticación excesivos en el agente de instalación Light installation Agent (LIA). Este componente se implementa en cada servidor del clúster ScalelO y se emplea para la gestión central de nodos ScalelO. Un usuario malicioso remoto que tenga acceso de red a LIA podría explotar esta vulnerabilidad para lanzar ataques de fuerza bruta y adivinar nombres de usuario y contraseñas de cuentas de usuarios en el agente LIA.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-06 CVE Reserved
- 2018-03-27 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Mar/59 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Scaleio Search vendor "Dell" for product "Emc Scaleio" | < 2.5 Search vendor "Dell" for product "Emc Scaleio" and version " < 2.5" | - |
Affected
| ||||||