CVE-2018-1240

Published: Apr 18, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.

Vendor	Product	Versions
Dell EMC	ViPR Controller	affected `versions after 3.0.0.38`

References

20180411 DSA-2018-071: Dell EMC ViPR Controller Information Exposure Vulnerability

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1240

Description

Affected Products

References