The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) package.A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.