A privilege escalation issue exists in VyOS 1.1.8. The default configuration allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and exploit the improper input validation to spawn an attacker-controlled shell with root privileges.
Vulnerable Product |
---|
vyos vyos 1.1.8 |