⚠ Exploited in the wild

Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-1111

CWE-77 — Command Injection CWE-78 — OS Command Injection12 documents8 sources

Severity

7.5HIGH

EPSS

89.2%

top 0.47%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Fedora Dhcp RED HAT Dhcp Fedoraproject Fedora +6 more

Timeline

PublishedMay 17

Latest updateMay 13

Description

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5fedora/dhcpFedora 28

▶CVEListV5red_hat/dhcpRed Hat Enterprise Linux 6, Red Hat Enterprise Linux 7+1

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

▶NVDredhat/enterprise_linux_workstation6.0, 7.0+1

Also affects: Enterprise Linux 6.0, 6.4, 6.5, 6.6, 6.7, 7.0, 7.2, 7.3, 7.4, 7.5, Fedora 26, 27, 28

🔴Vulnerability Details

GHSA

GHSA-5jw9-5ff9-vr5p: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration↗2022-05-13

▶

CVEList

CVE-2018-1111: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration↗2018-05-17

▶

💥Exploits & PoCs

Exploit-DB

DHCP Client - Command Injection 'DynoRoot' (Metasploit)↗2018-06-13

▶

Exploit-DB

DynoRoot DHCP Client - Command Injection↗2018-05-18

▶

Exploit-DB

RAVPower 2.000.056 - Root Remote Code Execution↗2018-01-24

▶

🔍Detection Rules

Suricata

ET EXPLOIT DynoRoot DHCP - Client Command Injection↗2018-06-29

▶

📋Vendor Advisories

Red Hat

dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script↗2018-05-15

▶

🕵️Threat Intelligence

Unit42

Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)↗2018-07-16

▶

Unit42

Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)↗2018-07-16

▶

💬Community

Bugzilla

CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script [fedora-all]↗2018-05-15

▶

Bugzilla

CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script↗2018-04-16

▶