Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r42j-jg5s-auda

Summary dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

Aliases

alias	CVE-2018-1111

Fixed_packages

Affected_packages

url pkg:rpm/redhat/dhcp@12:4.1.1-34.P1.el6_4?arch=2

purl pkg:rpm/redhat/dhcp@12:4.1.1-34.P1.el6_4?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.1.1-34.P1.el6_4%3Farch=2

url pkg:rpm/redhat/dhcp@12:4.1.1-38.P1.el6_5?arch=1

purl pkg:rpm/redhat/dhcp@12:4.1.1-38.P1.el6_5?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.1.1-38.P1.el6_5%3Farch=1

url pkg:rpm/redhat/dhcp@12:4.1.1-43.P1.el6_6?arch=2

purl pkg:rpm/redhat/dhcp@12:4.1.1-43.P1.el6_6?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.1.1-43.P1.el6_6%3Farch=2

url pkg:rpm/redhat/dhcp@12:4.1.1-49.P1.el6_7?arch=1

purl pkg:rpm/redhat/dhcp@12:4.1.1-49.P1.el6_7?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.1.1-49.P1.el6_7%3Farch=1

url pkg:rpm/redhat/dhcp@12:4.1.1-53.P1.el6_9?arch=4

purl pkg:rpm/redhat/dhcp@12:4.1.1-53.P1.el6_9?arch=4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.1.1-53.P1.el6_9%3Farch=4

url pkg:rpm/redhat/dhcp@12:4.2.5-42.el7_2?arch=1

purl pkg:rpm/redhat/dhcp@12:4.2.5-42.el7_2?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.2.5-42.el7_2%3Farch=1

url pkg:rpm/redhat/dhcp@12:4.2.5-47.el7_3?arch=1

purl pkg:rpm/redhat/dhcp@12:4.2.5-47.el7_3?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.2.5-47.el7_3%3Farch=1

url pkg:rpm/redhat/dhcp@12:4.2.5-58.el7_4?arch=4

purl pkg:rpm/redhat/dhcp@12:4.2.5-58.el7_4?arch=4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.2.5-58.el7_4%3Farch=4

url pkg:rpm/redhat/dhcp@12:4.2.5-68.el7_5?arch=1

purl pkg:rpm/redhat/dhcp@12:4.2.5-68.el7_5?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dhcp@12:4.2.5-68.el7_5%3Farch=1

url pkg:rpm/redhat/imgbased@1.0.16-0.1?arch=el7ev

purl pkg:rpm/redhat/imgbased@1.0.16-0.1?arch=el7ev

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yt3-cqzy-ffd3

vulnerability	VCID-fyjt-q8ww-bkdu

vulnerability	VCID-qmav-pppv-p3e1

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/imgbased@1.0.16-0.1%3Farch=el7ev

url pkg:rpm/redhat/ovirt-node-ng@4.2.0-0.20170814.0?arch=el7

purl pkg:rpm/redhat/ovirt-node-ng@4.2.0-0.20170814.0?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yt3-cqzy-ffd3

vulnerability	VCID-fyjt-q8ww-bkdu

vulnerability	VCID-qmav-pppv-p3e1

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-node-ng@4.2.0-0.20170814.0%3Farch=el7

url pkg:rpm/redhat/redhat-release-virtualization-host@4.2-3.0?arch=el7

purl pkg:rpm/redhat/redhat-release-virtualization-host@4.2-3.0?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yt3-cqzy-ffd3

vulnerability	VCID-fyjt-q8ww-bkdu

vulnerability	VCID-qmav-pppv-p3e1

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redhat-release-virtualization-host@4.2-3.0%3Farch=el7

url pkg:rpm/redhat/redhat-virtualization-host@4.2-20180508?arch=0

purl pkg:rpm/redhat/redhat-virtualization-host@4.2-20180508?arch=0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yt3-cqzy-ffd3

vulnerability	VCID-fyjt-q8ww-bkdu

vulnerability	VCID-qmav-pppv-p3e1

vulnerability	VCID-r42j-jg5s-auda

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/redhat-virtualization-host@4.2-20180508%3Farch=0

url pkg:rpm/redhat/rhvm-appliance@4.2-20180504?arch=0

purl pkg:rpm/redhat/rhvm-appliance@4.2-20180504?arch=0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ez8-r9wv-53du

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-fzrt-143x-tqdd

vulnerability	VCID-ngbm-4qyk-s3he

vulnerability	VCID-r42j-jg5s-auda

vulnerability	VCID-unwq-s63h-uuaw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rhvm-appliance@4.2-20180504%3Farch=0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1111.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1111.json

reference_url	https://access.redhat.com/security/vulnerabilities/3442151
reference_id
reference_type
scores
url	https://access.redhat.com/security/vulnerabilities/3442151

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1111

reference_id

reference_type

scores

value	0.88233
scoring_system	epss
scoring_elements	0.99496
published_at	2026-04-21T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99529
published_at	2026-04-02T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99537
published_at	2026-04-16T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99538
published_at	2026-04-18T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.9953
published_at	2026-04-04T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99531
published_at	2026-04-07T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99532
published_at	2026-04-08T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99533
published_at	2026-04-09T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99534
published_at	2026-04-12T12:55:00Z

value	0.89183
scoring_system	epss
scoring_elements	0.99535
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1111

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111

reference_url	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
reference_id
reference_type
scores
url	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/

reference_url	https://www.exploit-db.com/exploits/44652/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44652/

reference_url	https://www.exploit-db.com/exploits/44890/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44890/

reference_url	https://www.tenable.com/security/tns-2018-10
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2018-10

reference_url	http://www.securityfocus.com/bid/104195
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104195

reference_url	http://www.securitytracker.com/id/1040912
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040912

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1567974
reference_id	1567974
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1567974

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:4.0:::::::*
reference_id	cpe:2.3:a:redhat:enterprise_virtualization:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:4.2:::::::*
reference_id	cpe:2.3:a:redhat:enterprise_virtualization:4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:::::::*
reference_id	cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization_host:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:27:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://github.com/kkirsche/CVE-2018-1111/blob/e889762d796a8a2a8cb574b173e6cb215befac1a/main.py
reference_id	CVE-2018-1111
reference_type	exploit
scores
url	https://github.com/kkirsche/CVE-2018-1111/blob/e889762d796a8a2a8cb574b173e6cb215befac1a/main.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44652.py
reference_id	CVE-2018-1111
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44652.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44890.rb
reference_id	CVE-2018-1111
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44890.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1111

reference_id

CVE-2018-1111

reference_type

scores

value	7.9
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:N/C:C/I:C/A:C

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1111

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/c3c6bc19da7d63c5fd3f6d87fee058ce4b4e8b8f/modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb
reference_id	CVE-2018-1111
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/c3c6bc19da7d63c5fd3f6d87fee058ce4b4e8b8f/modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb

reference_url	https://access.redhat.com/errata/RHSA-2018:1453
reference_id	RHSA-2018:1453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1453

reference_url	https://access.redhat.com/errata/RHSA-2018:1454
reference_id	RHSA-2018:1454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1454

reference_url	https://access.redhat.com/errata/RHSA-2018:1455
reference_id	RHSA-2018:1455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1455

reference_url	https://access.redhat.com/errata/RHSA-2018:1456
reference_id	RHSA-2018:1456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1456

reference_url	https://access.redhat.com/errata/RHSA-2018:1457
reference_id	RHSA-2018:1457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1457

reference_url	https://access.redhat.com/errata/RHSA-2018:1458
reference_id	RHSA-2018:1458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1458

reference_url	https://access.redhat.com/errata/RHSA-2018:1459
reference_id	RHSA-2018:1459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1459

reference_url	https://access.redhat.com/errata/RHSA-2018:1460
reference_id	RHSA-2018:1460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1460

reference_url	https://access.redhat.com/errata/RHSA-2018:1461
reference_id	RHSA-2018:1461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1461

reference_url	https://access.redhat.com/errata/RHSA-2018:1524
reference_id	RHSA-2018:1524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1524

Weaknesses

cwe_id	77
name	Improper Neutralization of Special Elements used in a Command ('Command Injection')
description	The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Exploits

date_added	2018-06-13
description	DHCP Client - Command Injection 'DynoRoot' (Metasploit)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2018-06-13
exploit_type	remote
platform	linux
source_date_updated	2018-06-19
data_source	Exploit-DB
source_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/c3c6bc19da7d63c5fd3f6d87fee058ce4b4e8b8f/modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb

date_added	`null`
description	This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe SideEffects: - ioc-in-logs Reliability: - repeatable-session AKA: - DynoRoot
known_ransomware_campaign_use	`false`
source_date_published	2018-05-15
exploit_type	`null`
platform	Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb

Severity_range_score 7.5 - 7.9

Exploitability 2.0

Weighted_severity 7.1

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r42j-jg5s-auda

Vulnerability Instance