CVE-2018-1238

Name of the Vulnerable Software and Affected Versions Dell EMC ScaleIO versions prior to 2.5

Description The issue concerns a command injection vulnerability in the Light Installation Agent (LIA) of Dell EMC ScaleIO. This component is used for central management and utilizes shell commands for certain actions. A remote malicious user with network access to LIA and knowledge of the LIA administrative password could potentially exploit this to run arbitrary commands as root on the systems where LIAs are installed.

Recommendations For versions prior to 2.5, update to version 2.5 or later to resolve the issue.