CVE-2018-1111

🗓️ 17 May 2018 16:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 373 Views

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client

Reporter	Title	Published	Views	Family All 115
0day.today	DynoRoot DHCP - Client Command Injection Exploit	18 May 201800:00	–	zdt
0day.today	DHCP Client - Command Injection (DynoRoot) Exploit	13 Jun 201800:00	–	zdt
IBM Security Bulletins	Security Bulletin: A vulnerability in DHCP affects PowerKVM	6 Jul 201823:55	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)	3 Jun 201916:15	–	ibm
Tenable Nessus	Amazon Linux 2 : dhcp (ALAS-2018-1021)	30 May 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : dhcp (ALAS-2018-1024)	30 May 201800:00	–	nessus
Tenable Nessus	CentOS 7 : dhcp (CESA-2018:1453)	16 May 201800:00	–	nessus
Tenable Nessus	CentOS 6 : dhcp (CESA-2018:1454)	16 May 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : dhcp (EulerOS-SA-2018-1122)	29 May 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : dhcp (EulerOS-SA-2018-1123)	29 May 201800:00	–	nessus

NVD

Vulners

Node

fedoraproject fedoraMatch26

fedoraproject fedoraMatch27

fedoraproject fedoraMatch28

Node

redhat enterprise_virtualizationMatch4.0

redhat enterprise_virtualizationMatch4.2

redhat enterprise_virtualization_hostMatch4.0

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch6.4

redhat enterprise_linuxMatch6.5

redhat enterprise_linuxMatch6.6

redhat enterprise_linuxMatch6.7

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch7.2

redhat enterprise_linuxMatch7.3

redhat enterprise_linuxMatch7.4

redhat enterprise_linuxMatch7.5

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

[
  {
    "product": "dhcp",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "Red Hat Enterprise Linux 6"
      },
      {
        "status": "affected",
        "version": "Red Hat Enterprise Linux 7"
      }
    ]
  },
  {
    "product": "dhcp",
    "vendor": "Fedora",
    "versions": [
      {
        "status": "affected",
        "version": "Fedora 28"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1040912
securityfocus	www.securityfocus.com/bid/104195
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
exploit-db	www.exploit-db.com/exploits/44890/
help	www.help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2018:1456
tenable	www.tenable.com/security/tns-2018-10
access	www.access.redhat.com/errata/RHSA-2018:1453
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

21 Nov 2024 03:59Current

7.9High risk

Vulners AI Score7.9

CVSS 37.5

CVSS 27.9

EPSS0.88233