Lucene search

CanonicalCVE-2018-15686

HistoryOct 26, 2018 - 2:29 p.m.

CVE-2018-15686

2018-10-2614:29:00

CWE-502

canonical

web.nvd.nist.gov

238

cve-2018-15686

systemd

vulnerability

unit_deserialize

notifyaccess

root privilege escalation

nvd

security

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.2%

JSON

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

debiandebian_linuxMatch8.0

Node

systemd_projectsystemdRange≤239

Node

oraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch1.4.0

VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.10cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
systemd_projectsystemd*cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_network_function_cloud_native_environment1.4.0cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
systemd_project	systemd	*	cpe:2.3:a:systemd_project:systemd::::::::
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.4.0	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:::::::*

CNA Affected

[
  {
    "product": "systemd",
    "vendor": "systemd",
    "versions": [
      {
        "lessThanOrEqual": "239",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]