CVE-2018-1238

Description

Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user with network access to LIA and knowledge of the LIA administrative password could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 2.446

Associated Vulnerability

Vulnerability | OS Platform
Mozilla Firefox (62.0) | Windows
Mozilla Firefox (x64) (62.0) | Windows
Mozilla Firefox ESR (60.2.0) | Windows
Mozilla Firefox ESR (x64) (60.2.0) | Windows
Mozilla Firefox (62.0.2) | Windows
Mozilla Firefox ESR (60.2.1) | Windows
Mozilla Firefox (x64) (62.0.2) | Windows
Mozilla Firefox ESR (x64) (60.2.1) | Windows
Mozilla Firefox (62.0.3) | Windows
Mozilla Firefox ESR (60.2.2) | Windows
Mozilla Firefox (x64) (62.0.3) | Windows
Mozilla Firefox ESR (x64) (60.2.2) | Windows
Mozilla Firefox (63.0) | Windows
Mozilla Firefox (x64) (63.0) | Windows
Upgrade LibreOffice (x64) 6.0.0 to latest version | Windows
Upgrade libreoffice 6.0.0 to latest version | Windows
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2018-1238) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-308023 | Mozilla Firefox (62.0)
PATCH-308025 | Mozilla Firefox (x64) (62.0)
PATCH-308027 | Mozilla Firefox ESR (60.2.0)
PATCH-308035 | Mozilla Firefox ESR (x64) (60.2.0)
PATCH-308122 | Mozilla Firefox (62.0.2)
PATCH-308123 | Mozilla Firefox ESR (60.2.1)
PATCH-308124 | Mozilla Firefox (x64) (62.0.2)
PATCH-308125 | Mozilla Firefox ESR (x64) (60.2.1)
PATCH-308180 | Mozilla Firefox (62.0.3)
PATCH-308181 | Mozilla Firefox ESR (60.2.2)
PATCH-308182 | Mozilla Firefox (x64) (62.0.3)
PATCH-308183 | Mozilla Firefox ESR (x64) (60.2.2)
PATCH-308288 | Mozilla Firefox (63.0)
PATCH-308291 | Mozilla Firefox (x64) (63.0)
PATCH-343131 | LibreOffice (x64) (24.8.3)
PATCH-307102 | Updates for LibreOffice (6.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234