CVE-2018-1111 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	26
Redhat	Enterprise Virtualization	4.0
Redhat	Enterprise Virtualization Host	4.0
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-78 CWE-77

References

http://www.securityfocus.com/bid/104195Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040912Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:1453Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1454Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1455Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1456Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1457Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1458Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1459Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1460Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1461Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1524Vendor Advisory
https://access.redhat.com/security/vulnerabilities/3442151Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111Issue TrackingVendor Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur

FAQ

What is CVE-2018-1111?

CVE-2018-1111 is a vulnerability with a CVSS score of 7.5 (HIGH). DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious D...

How severe is CVE-2018-1111?

CVE-2018-1111 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1111?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Redhat Enterprise Virtualization, Redhat Enterprise Virtualization Host, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.