CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
57.5%
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | busybox | < 1:1.20.0-3 | busybox_1:1.20.0-3_all.deb |
Debian | 11 | all | busybox | < 1:1.20.0-3 | busybox_1:1.20.0-3_all.deb |
Debian | 999 | all | busybox | < 1:1.20.0-3 | busybox_1:1.20.0-3_all.deb |
Debian | 13 | all | busybox | < 1:1.20.0-3 | busybox_1:1.20.0-3_all.deb |