CVE-2018-18555: OS Command Injection
First published: Mon Dec 17 2018(Updated: )
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vyos | =1.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-18555?
CVE-2018-18555 is classified as a high severity vulnerability due to its potential for unauthorized system access.
How do I fix CVE-2018-18555?
To fix CVE-2018-18555, upgrade to VyOS version later than 1.1.8 where this sandbox escape issue is addressed.
Who is affected by CVE-2018-18555?
CVE-2018-18555 affects users of VyOS version 1.1.8 who utilize the restricted management shell feature.
What kind of impact does CVE-2018-18555 have on system security?
CVE-2018-18555 allows authenticated users to escape the management shell, leading to potential unauthorized access and control of the system.
Is CVE-2018-18555 exploitable by unauthenticated users?
No, CVE-2018-18555 requires authentication as an operator user to exploit the sandbox escape vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vyos
- canonical/vyos
- version/vyos/1.1.8