VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-cmbj-869t-c3e3

Essentials
Severities (22)
References (15)
Severity details (13)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-cmbj-869t-c3e3
Aliases	CVE-2018-15687
Summary	Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-59	Improper Link Resolution Before File Access ('Link Following')

System	Score	Found at
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15687.json
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
epss	0.00332	https://api.first.org/data/v1/epss?cve=CVE-2018-15687
cvssv3	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	7.8	https://github.com/systemd/systemd/pull/10517/commits
ssvc	Track	https://github.com/systemd/systemd/pull/10517/commits
archlinux	Critical	https://security.archlinux.org/AVG-789
cvssv3	7.8	https://security.gentoo.org/glsa/201810-10
ssvc	Track	https://security.gentoo.org/glsa/201810-10
cvssv3	7.8	https://usn.ubuntu.com/3816-1/
ssvc	Track	https://usn.ubuntu.com/3816-1/
cvssv3	7.8	https://www.exploit-db.com/exploits/45715/
ssvc	Track	https://www.exploit-db.com/exploits/45715/
cvssv3	7.8	http://www.securityfocus.com/bid/105748
ssvc	Track	http://www.securityfocus.com/bid/105748

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15687.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-15687
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15687
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
105748		http://www.securityfocus.com/bid/105748
1639076		https://bugzilla.redhat.com/show_bug.cgi?id=1639076
45715		https://www.exploit-db.com/exploits/45715/
912007		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912007
ASA-201811-11		https://security.archlinux.org/ASA-201811-11
AVG-789		https://security.archlinux.org/AVG-789
commits		https://github.com/systemd/systemd/pull/10517/commits
CVE-2018-15687	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
CVE-2018-15687	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/45715.txt
GLSA-201810-10		https://security.gentoo.org/glsa/201810-10
USN-3816-1		https://usn.ubuntu.com/3816-1/

Data source	Exploit-DB
Date added	Oct. 29, 2018
Description	systemd - 'chown_one()' Dereference Symlinks
Ransomware campaign use	Known
Source publication date	Oct. 29, 2018
Exploit type	local
Platform	linux
Source update date	Nov. 17, 2018
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1689

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15687.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/systemd/systemd/pull/10517/commits

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:48:02Z/ Found at https://github.com/systemd/systemd/pull/10517/commits

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201810-10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:48:02Z/ Found at https://security.gentoo.org/glsa/201810-10

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3816-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:48:02Z/ Found at https://usn.ubuntu.com/3816-1/

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/45715/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:48:02Z/ Found at https://www.exploit-db.com/exploits/45715/

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105748

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:48:02Z/ Found at http://www.securityfocus.com/bid/105748

Exploit Prediction Scoring System (EPSS)

Percentile	0.55955
EPSS Score	0.00332
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:12:11.002507+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201810-10	38.0.0