{"containers":{"cna":{"affected":[{"product":"dhcp","vendor":"Red Hat","versions":[{"status":"affected","version":"Red Hat Enterprise Linux 6"},{"status":"affected","version":"Red Hat Enterprise Linux 7"}]},{"product":"dhcp","vendor":"Fedora","versions":[{"status":"affected","version":"Fedora 28"}]}],"datePublic":"2018-05-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."}],"metrics":[{"cvssV3_0":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2018-11-30T20:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.tenable.com/security/tns-2018-10"},{"name":"FEDORA-2018-5392896132","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/"},{"tags":["x_refsource_CONFIRM"],"url":"https://access.redhat.com/security/vulnerabilities/3442151"},{"name":"104195","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/104195"},{"name":"FEDORA-2018-23ca7a6798","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/"},{"name":"1040912","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1040912"},{"tags":["x_refsource_CONFIRM"],"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"name":"RHSA-2018:1454","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1454"},{"name":"RHSA-2018:1455","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1455"},{"name":"RHSA-2018:1457","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1457"},{"name":"RHSA-2018:1459","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1459"},{"name":"RHSA-2018:1453","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1453"},{"name":"FEDORA-2018-36058ed9f2","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/"},{"name":"RHSA-2018:1524","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1524"},{"name":"RHSA-2018:1456","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1456"},{"name":"RHSA-2018:1461","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1461"},{"name":"44652","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44652/"},{"name":"44890","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44890/"},{"name":"RHSA-2018:1458","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1458"},{"name":"RHSA-2018:1460","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:1460"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T03:51:48.789Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.tenable.com/security/tns-2018-10"},{"name":"FEDORA-2018-5392896132","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://access.redhat.com/security/vulnerabilities/3442151"},{"name":"104195","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/104195"},{"name":"FEDORA-2018-23ca7a6798","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/"},{"name":"1040912","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1040912"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"name":"RHSA-2018:1454","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1454"},{"name":"RHSA-2018:1455","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1455"},{"name":"RHSA-2018:1457","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1457"},{"name":"RHSA-2018:1459","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1459"},{"name":"RHSA-2018:1453","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1453"},{"name":"FEDORA-2018-36058ed9f2","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/"},{"name":"RHSA-2018:1524","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1524"},{"name":"RHSA-2018:1456","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1456"},{"name":"RHSA-2018:1461","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1461"},{"name":"44652","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44652/"},{"name":"44890","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44890/"},{"name":"RHSA-2018:1458","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1458"},{"name":"RHSA-2018:1460","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1460"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2018-1111","datePublished":"2018-05-17T16:00:00.000Z","dateReserved":"2017-12-04T00:00:00.000Z","dateUpdated":"2024-08-05T03:51:48.789Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}