Main
Vulnerability Database
Exploits
ID:4864 - Exploit for Command injection in DHCP - CVE-2018-1111
ID:4864 - Exploit for Command injection in DHCP - CVE-2018-1111
Published: November 21, 2020
Vulnerability identifier: #VU12743
Vulnerability risk: Low
CVE-ID: CVE-2018-1111
CWE-ID: CWE-77
Exploitation vector: Local access
Vulnerable software:
DHCP
DHCP
Link to public exploit:
Vulnerability description
The vulnerability allows a physical attacker to execute arbitrary commands with elevated privileges on the target system.
The weakness exists in the NetworkManager integration script due to command injection. A physical attacker can return specially crafted data via dhcp and execute arbitrary commands with root privileges.
The weakness exists in the NetworkManager integration script due to command injection. A physical attacker can return specially crafted data via dhcp and execute arbitrary commands with root privileges.
Remediation
Install update from vendor's website.