CVE-2018-15686 — HIGH (7.8)

Q: How severe is CVE-2018-15686?

CVE-2018-15686 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15686?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Systemd Project Systemd, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

Vulnerability Description

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	16.04
Debian	Debian Linux	8.0
Systemd Project	Systemd	<= 239
Oracle	Communications Cloud Native Core Network Function Cloud Native Environment	1.4.0

Related Weaknesses (CWE)

CWE-502

References

http://www.securityfocus.com/bid/105747Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2091Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3222Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0593Third Party Advisory
https://github.com/systemd/systemd/pull/10519PatchThird Party Advisory
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201810-10Third Party Advisory
https://usn.ubuntu.com/3816-1/Third Party Advisory
https://www.exploit-db.com/exploits/45714/ExploitThird Party AdvisoryVDB Entry
https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
http://www.securityfocus.com/bid/105747Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2091Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3222Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0593Third Party Advisory

FAQ

What is CVE-2018-15686?

CVE-2018-15686 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and...

How severe is CVE-2018-15686?

CVE-2018-15686 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15686?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Systemd Project Systemd, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.