Home > Vulnerability Database > CVE-2018-1111

Mend Vulnerability Database

CVE-2018-1111

Good to know:

Date: May 17, 2018

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Language: D

Severity Score

7.5

Related Resources (5)

Url: https://access.redhat.com/security/vulnerabilities/3442151

Url: https://access.redhat.com/security/cve/CVE-2018-1111

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1111

Url: https://www.mend.io/vulnerability-database/CVE-2018-1111

Url: https://www.mend.io/resources/blog/top-5-new-open-source-security-vulnerabilities-in-may-2018

Severity Score

7.5

Weakness Type (CWE)

Command Injection

CWE-77

OS Command Injections

CWE-78

Top Fix

Upgrade Version

CVSS v3

Base Score:	7.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.9
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2018-1111

Good to know:

Date: May 17, 2018

Language: D

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?