A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159234/VyOS-restricted-shell-Escape-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://blog.mirch.io/2018/11/05/cve-2018-18556-vyos-privilege-escalation-via-sudo-pppd-for-operator-users/ | Exploit Third Party Advisory |
https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-17T18:00:00
Updated: 2020-09-21T16:06:11
Reserved: 2018-10-22T00:00:00
Link: CVE-2018-18556
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-17T19:29:00.627
Modified: 2023-01-20T15:28:06.240
Link: CVE-2018-18556
JSON object: View
Redhat Information
No data.
CWE