Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM411D03CF1226069C355598C848FAA32D074D94C269B3108D083C195335AD9409
HistoryJul 06, 2018 - 11:55 p.m.

Security Bulletin: A vulnerability in DHCP affects PowerKVM

2018-07-0623:55:57
www.ibm.com
15

0.973 High

EPSS

Percentile

99.9%

JSON

Summary

PowerKVM is affected by a vulnerability in the DHCP client. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1111 DESCRIPTION: The DHCP client packages in Red Hat Enterprise Linux could allow a remote attacker on the local network to execute arbitrary commands on the system, caused by a command injection flaw in the NetworkManager integration script. By spoofing DHCP responses, an attacker could exploit this vulnerability using the DHCP protocol to inject and execute arbitrary commands on the system with root privileges.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143382 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see <https://ibm.biz/BdHggw&gt;. This issue is addressed starting with v3.1.0.2 update 14.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

nessus 29
openvas 9
metasploit 1
fedora 3
cvelist 1
redhat 11
packetstorm 2
oraclelinux 3
cve 1
checkpoint_advisories 2
veracode 1
redhatcve 1
zdt 2
f5 1
centos 2
saint 3
prion 1
nvd 1
amazon 2
thn 1
exploitpack 1
seebug 1
exploitdb 2
ibm 1
trendmicroblog 1
nessus
nessus
Amazon Linux 2 : dhcp (ALAS-2018-1021)
2018-05-30 00:00:00
RHEL 6 : dhcp (RHSA-2018:1458)
2018-05-16 00:00:00
Oracle Linux 6 : dhcp (ELSA-2018-1454)
2018-05-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2018-1188)
2020-01-23 00:00:00
CentOS Update for dhclient CESA-2018:1453 centos7
2018-05-16 00:00:00
Fedora Update for dhcp FEDORA-2018-23ca7a6798
2018-05-16 00:00:00
metasploit
metasploit
DHCP Client Command Injection (DynoRoot)
2018-05-18 16:47:08
fedora
fedora
[SECURITY] Fedora 26 Update: dhcp-4.3.5-11.fc26
2018-05-16 13:13:51
[SECURITY] Fedora 28 Update: dhcp-4.3.6-20.fc28
2018-05-15 14:48:04
[SECURITY] Fedora 27 Update: dhcp-4.3.6-10.fc27
2018-05-15 15:28:58
cvelist
cvelist
CVE-2018-1111
2018-05-17 16:00:00
redhat
redhat
(RHSA-2018:1457) Critical: dhcp security update
2018-05-15 12:14:55
(RHSA-2018:1461) Critical: dhcp security update
2018-05-15 12:14:58
(RHSA-2018:1458) Critical: dhcp security update
2018-05-15 12:14:50
packetstorm
packetstorm
DHCP Client Command Injection (DynoRoot)
2018-06-12 00:00:00
DynoRoot DHCP Command Injection
2018-05-18 00:00:00
oraclelinux
oraclelinux
dhcp security update
2018-05-15 00:00:00
dhcp security update
2018-05-15 00:00:00
dhcp security and bug fix update
2019-08-13 00:00:00
cve
cve
CVE-2018-1111
2018-05-17 16:29:00
checkpoint_advisories
checkpoint_advisories
Red Hat Linux DHCP Client Command Injection (CVE-2018-1111)
2018-05-21 00:00:00
Red Hat NetworkManager DHCP Command Injection (CVE-2018-1111)
2019-01-14 00:00:00
veracode
veracode
Arbitrary Command Execution
2019-01-15 09:22:09
redhatcve
redhatcve
CVE-2018-1111
2019-10-10 06:14:07
zdt
zdt
DHCP Client - Command Injection (DynoRoot) Exploit
2018-06-13 00:00:00
DynoRoot DHCP - Client Command Injection Exploit
2018-05-18 00:00:00
f5
f5
K32541890 : DHCP Client Script Code Execution vulnerability CVE-2018-1111
2018-05-25 00:00:00
centos
centos
dhclient, dhcp security update
2018-05-15 15:51:39
dhclient, dhcp security update
2018-05-15 17:32:34
saint
saint
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
Red Hat DHCP client NetworkManager integration script command injection
2018-05-18 00:00:00
prion
prion
Command injection
2018-05-17 16:29:00
nvd
nvd
CVE-2018-1111
2018-05-17 16:29:00
amazon
amazon
Critical: dhcp
2018-05-24 18:04:00
Low: dhcp
2018-05-25 18:16:00
thn
thn
Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks
2018-05-15 20:31:00
exploitpack
exploitpack
DynoRoot DHCP Client - Command Injection
2018-05-18 00:00:00
seebug
seebug
DHCP Client Script Code Execution Vulnerability(CVE-2018-1111)
2018-05-16 00:00:00
exploitdb
exploitdb
DynoRoot DHCP Client - Command Injection
2018-05-18 00:00:00
DHCP Client - Command Injection &#039;DynoRoot&#039; (Metasploit)
2018-06-13 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
2019-06-03 16:15:02
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018
2018-05-18 14:52:12

0.973 High

EPSS

Percentile

99.9%

JSON
Related for 411D03CF1226069C355598C848FAA32D074D94C269B3108D083C195335AD9409
nessus29openvas9metasploit1fedora3cvelist1redhat11packetstorm2oraclelinux3cve1checkpoint_advisories2veracode1redhatcve1zdt2f51centos2saint3prion1nvd1amazon2thn1exploitpack1seebug1exploitdb2ibm1trendmicroblog1