CVE-2018-1111

HIGH

Published 2018-05-17T16:00:00

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-1111. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.0

7.5

/10

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.968

probability

of exploitation in the wild

There is a 96.8% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.998

Higher than 99.8% of all CVEs

Attack Vector Metrics

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

dhcp

Affected Versions:

Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7

Fedora

dhcp

Affected Versions:

Fedora 28

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-5jw9-5ff9-vr5p

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1111

WEB https://www.tenable.com/security/tns-2018-10

WEB https://www.exploit-db.com/exploits/44890

WEB https://www.exploit-db.com/exploits/44652

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7

WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ

WEB https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

WEB https://bugzilla.redhat.com/show_bug.cgi?id=1567974

WEB https://access.redhat.com/security/vulnerabilities/3442151

WEB https://access.redhat.com/security/cve/CVE-2018-1111

WEB https://access.redhat.com/errata/RHSA-2018:1525

WEB https://access.redhat.com/errata/RHSA-2018:1524

WEB https://access.redhat.com/errata/RHSA-2018:1461

WEB https://access.redhat.com/errata/RHSA-2018:1460

WEB https://access.redhat.com/errata/RHSA-2018:1459

WEB https://access.redhat.com/errata/RHSA-2018:1458

WEB https://access.redhat.com/errata/RHSA-2018:1457

WEB https://access.redhat.com/errata/RHSA-2018:1456

WEB https://access.redhat.com/errata/RHSA-2018:1455

WEB https://access.redhat.com/errata/RHSA-2018:1454

WEB https://access.redhat.com/errata/RHSA-2018:1453

WEB http://www.securityfocus.com/bid/104195

WEB http://www.securitytracker.com/id/1040912

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

https://www.tenable.com/security/tns-2018-10

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

https://access.redhat.com/security/vulnerabilities/3442151

http://www.securityfocus.com/bid/104195

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

http://www.securitytracker.com/id/1040912

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://access.redhat.com/errata/RHSA-2018:1454

https://access.redhat.com/errata/RHSA-2018:1455

https://access.redhat.com/errata/RHSA-2018:1457

https://access.redhat.com/errata/RHSA-2018:1459

https://access.redhat.com/errata/RHSA-2018:1453

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

https://access.redhat.com/errata/RHSA-2018:1524

https://access.redhat.com/errata/RHSA-2018:1456

https://access.redhat.com/errata/RHSA-2018:1461

https://www.exploit-db.com/exploits/44652/

https://www.exploit-db.com/exploits/44890/

https://access.redhat.com/errata/RHSA-2018:1458

https://access.redhat.com/errata/RHSA-2018:1460

Published: 2018-05-17T16:00:00

Last Modified: 2024-08-05T03:51:48.789Z

Copied to clipboard!

CVE-2018-1111

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

dhcp

Affected Versions:

dhcp

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!