CVE-2018-1111

Scores

EPSS

EPSS Score: 0.892 (high, 89.2%)

Percentile: 89.2%

CVSS

7.5 (high, CVSS 3.x)

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x
7.5

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Description

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Sources

nvd, redhat

CWEs

CWE-77

Related Vulnerabilities

Exploits

Exploit ID: 44652

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44652

Exploit ID: 44890

Source: exploitdb

URL: https://www.exploit-db.com/exploits/44890

Exploit ID: CVE-2018-1111

Source: github-poc

URL: https://github.com/kkirsche/CVE-2018-1111

Recommendations

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1461

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1460

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1459

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1458

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1457

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1456

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1455

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1454

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

URL: https://access.redhat.com/errata/RHSA-2018:1453

Vulnerable Software (24)

Type: Configuration

Product: dhcp

Operating System: rhel 6

Trait:
{  "fixed": "4.1.1-53.P1.el6_9.4"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 6.4

Trait:
{  "fixed": "4.1.1-34.P1.el6_4.2"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 6.5

Trait:
{  "fixed": "4.1.1-38.P1.el6_5.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 6.6

Trait:
{  "fixed": "4.1.1-43.P1.el6_6.2"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 6.6

Trait:
{  "fixed": "4.1.1-43.P1.el6_6.2"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 6.7

Trait:
{  "fixed": "4.1.1-49.P1.el6_7.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7

Trait:
{  "fixed": "4.2.5-68.el7_5.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7.2

Trait:
{  "fixed": "4.2.5-42.el7_2.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7.2

Trait:
{  "fixed": "4.2.5-42.el7_2.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7.2

Trait:
{  "fixed": "4.2.5-42.el7_2.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7.3

Trait:
{  "fixed": "4.2.5-47.el7_3.1"}

Source: redhat

Type: Configuration

Product: dhcp

Operating System: rhel 7.4

Trait:
{  "fixed": "4.2.5-58.el7_4.4"}

Source: redhat

Type: Configuration

Product: imgbased

Operating System: rhel 7

Trait:
{  "fixed": "1.0.16-0.1.el7ev"}

Source: redhat

Type: Configuration

Product: ovirt-node-ng

Operating System: rhel 7

Trait:
{  "fixed": "4.2.0-0.20170814.0.el7"}

Source: redhat

Type: Configuration

Product: redhat-release-virtualization-host

Operating System: rhel 7

Trait:
{  "fixed": "4.2-3.0.el7"}

Source: redhat

Type: Configuration

Product: redhat-virtualization-host

Operating System: rhel 7

Trait:
{  "fixed": "4.2-20180508.0"}

Source: redhat

Type: Configuration

Product: rhvm-appliance

Operating System: rhel 7

Trait:
{  "fixed": "4.2-20180504.0"}

Source: redhat

Type: Configuration

Vendor: *

Product: enterprise_linux

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtuali...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_desktop

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtuali...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtualization:4.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:enterprise_virtuali...

Source: nvd