CVE-2018-18555
CRITICAL
VyOS 1.1.8 - Authenticated OS Command Injection via Management Shell Escape
Description
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account.
References (1)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases
Scores
CVSS v3
9.9
EPSS
0.0177
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
vyos/vyos
1.1.8
Published
Dec 17, 2018
Tracked Since
Feb 18, 2026