4.3 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:N/I:P/A:N
lldpad does not properly sanitize shell control characters. An attacker is able to inject shell control characters into the buffer and cause unexpected behavior in the terminal. This is due to raw and unsanitized buffer being displayed when mngAddr
information is displayed.
CPE | Name | Operator | Version |
---|---|---|---|
lldpad | eq | 1.0.1__9.git036e314.el8 | |
lldpad | eq | 1.0.1__9.git036e314.el8 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
access.redhat.com/errata/RHBA-2019:2339
access.redhat.com/errata/RHSA-2019:3673
access.redhat.com/security/cve/cve-2018-10932
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1551623
bugzilla.redhat.com/show_bug.cgi?id=1614896
bugzilla.redhat.com/show_bug.cgi?id=1727326
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932
exchange.xforce.ibmcloud.com/vulnerabilities/148721
github.com/intel/openlldp/pull/7
4.3 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:N/I:P/A:N