CVE-2011-4182 HIGH

CVE-2011-4182: shell code injection via ESSID because of missing escaping of a variable

Vendor Suse Linux Enterprise
Product sysconfig
Weakness CWE-77
Published June 12, 2018
Last update September 17, 2024

CVSS base score

7.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.

Key dates

02Disclosure timeline

June 12, 2018 CVE published
September 17, 2024 Record updated