Lucene search

[email protected]NVD:CVE-2018-1111

HistoryMay 17, 2018 - 4:29 p.m.

CVE-2018-1111

2018-05-1716:29:00

CWE-78

CWE-77

[email protected]

web.nvd.nist.gov

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch26

fedoraprojectfedoraMatch27

fedoraprojectfedoraMatch28

Node

redhatenterprise_virtualizationMatch4.0

redhatenterprise_virtualizationMatch4.2

redhatenterprise_virtualization_hostMatch4.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch6.4

redhatenterprise_linuxMatch6.5

redhatenterprise_linuxMatch6.6

redhatenterprise_linuxMatch6.7

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch7.2

redhatenterprise_linuxMatch7.3

redhatenterprise_linuxMatch7.4

redhatenterprise_linuxMatch7.5

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

References

www.securityfocus.com/bid/104195

www.securitytracker.com/id/1040912

access.redhat.com/errata/RHSA-2018:1453

access.redhat.com/errata/RHSA-2018:1454

access.redhat.com/errata/RHSA-2018:1455

access.redhat.com/errata/RHSA-2018:1456

access.redhat.com/errata/RHSA-2018:1457

access.redhat.com/errata/RHSA-2018:1458

access.redhat.com/errata/RHSA-2018:1459

access.redhat.com/errata/RHSA-2018:1460

access.redhat.com/errata/RHSA-2018:1461

access.redhat.com/errata/RHSA-2018:1524

access.redhat.com/security/vulnerabilities/3442151

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

www.exploit-db.com/exploits/44652/

www.exploit-db.com/exploits/44890/

www.tenable.com/security/tns-2018-10

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

Related for NVD:CVE-2018-1111