CVE-2018-1240 is a vulnerability in EMC Vipr Controller
Published on April 18, 2018
Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
Products Associated with CVE-2018-1240
Want to know whenever a new CVE is published for EMC Vipr Controller? stack.watch will email you.
Affected Versions
Dell EMC ViPR Controller Version versions after 3.0.0.38 is affected by CVE-2018-1240Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.