Home > Vulnerability Database > CVE-2018-1111

Mend.io Vulnerability Database

CVE-2018-1111

Date: May 17, 2018

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Language: D

Severity Score

7.5

Related Resources (25)

Url: https://access.redhat.com/security/vulnerabilities/3442151

Url: https://access.redhat.com/security/cve/CVE-2018-1111

Url: https://access.redhat.com/errata/RHSA-2018:1459

Url: https://access.redhat.com/errata/RHSA-2018:1457

Url: https://www.tenable.com/security/tns-2018-10

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

Url: https://access.redhat.com/errata/RHSA-2018:1524

Url: https://www.exploit-db.com/exploits/44652/

Url: https://access.redhat.com/errata/RHSA-2018:1458

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

Url: https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Url: http://www.securityfocus.com/bid/104195

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

Url: https://access.redhat.com/errata/RHSA-2018:1455

Url: https://access.redhat.com/errata/RHSA-2018:1456

Url: https://access.redhat.com/errata/RHSA-2018:1453

Url: https://www.exploit-db.com/exploits/44890/

Url: https://access.redhat.com/errata/RHSA-2018:1454

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1111

Url: https://access.redhat.com/errata/RHSA-2018:1460

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

Url: http://www.securitytracker.com/id/1040912

Url: https://access.redhat.com/errata/RHSA-2018:1461

Url: https://www.mend.io/vulnerability-database/CVE-2018-1111

Url: https://www.mend.io/resources/blog/top-5-new-open-source-security-vulnerabilities-in-may-2018

Severity Score

7.5

Weakness Type (CWE)

Command Injection

CWE-77

OS Command Injections

CWE-78

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.9
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1111

Date: May 17, 2018

Language: D

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?