logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2018-18556

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2018-18556

Description:
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
Last updated date:
01/20/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
09/21/2020
Reference url to background

https://blog.mirch.io/2018/11/05/cve-2018-18556-vyos-privilege-escalation-via-sudo-pppd-for-operator-users/

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/21/2020
Type:
exploit
Confidence:
HIGH
Date of publishing:
08/27/2021
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/20/2023
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy