CVE-2018-10900 HIGH

CVE-2018-10900

Vendor [Unknown]

Product networkmanager-vpnc

Weakness CWE-78

Published July 26, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

Key dates

02Disclosure timeline

July 26, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-10900 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2023-44422 D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices CVE-2023-51625 D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability