Vyos vulnerabilities
3 known vulnerabilities affecting vyos/vyos.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3
Vulnerabilities
CVE-2018-18556 | P2 | CRITICAL | CVSS 9.9 | PoC | v1.1.8 | 2018-12-17
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spaw
nvd
CVE-2018-18555 | P2 | CRITICAL | CVSS 9.9 | CWE-78 | v1.1.8 | 2018-12-17
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbit
nvd
CVE-2025-30095 | P3 | CRITICAL | CVSS 9.0 | CWE-321 | fixed in 1.4.2 | ≥ 1.5, < 1.5-stream-2025-Q2 | 2025-03-31
VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon. In VyOS, this is not the default conf
nvd