What is CVE-2018-18556?

CVE-2018-18556 is a vulnerability in N/a. Published 2018-12-17.

Is CVE-2018-18556 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-18556

A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious o…

EPSS: 0.689 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
mirchr/security-research

References

blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-n… (x_refsource_CONFIRM)
blog.mirch.io/2018/11/05/cve-2018-18556-vyos-privilege-escalation-via-sudo-pppd… (x_refsource_MISC)
packetstormsecurity.com/files/159234/VyOS-restricted-shell-Escape-Privilege-Esc… (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-18556?: CVE-2018-18556 is a vulnerability in N/a. Published 2018-12-17.
Is CVE-2018-18556 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.