exploitDog

CVE-2018-1237

Опубликовано: 27 мар. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

Ссылки

http://seclists.org/fulldisclosure/2018/Mar/59
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Mar/59
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:emc_scaleio:*:*:*:*:*:*:*:*

Версия до 2.5 (исключая)

EPSS

Процентиль: 55%

0.0032

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-q97w-4jj3-g574

CVSS3: 9.8

github

больше 3 лет назад

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

EPSS

Процентиль: 55%

0.0032

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287