CVE-2018-1240
Description
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
Risk Information
Base Score: 8.0 (MODERATE)
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.145
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mozilla Firefox (63.0) | Windows |
| Mozilla Firefox (x64) (63.0) | Windows |
| Upgrade Foxit Reader Enterprise 9.0.1 to latest version | Windows |
| Upgrade foxit_reader 9.0.1 to latest version | Windows |
| Mozilla Thunderbird (60.4.0) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-308288 | Mozilla Firefox (63.0) |
| PATCH-308291 | Mozilla Firefox (x64) (63.0) |
| PATCH-341798 | Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise) |
| PATCH-341796 | Foxit Reader (2024.3.0.26795) |
| PATCH-308671 | Mozilla Thunderbird (60.4.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234