- EPSS 0.08%
- Veröffentlicht 31.03.2025 15:15:44
- Zuletzt bearbeitet 11.04.2025 14:15:24
VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks agai...
CVE-2018-18555
- EPSS 1.45%
- Veröffentlicht 17.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:08
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break ou...
CVE-2018-18556
- EPSS 68.88%
- Veröffentlicht 17.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:08
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator use...