CVE-2018-10900

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
gnomenetwork_manager_vpnc
𝑥
< 1.2.6
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
network-manager-vpnc
bullseye
1.2.6-3
fixed
bookworm
1.2.8-4
fixed
sid
1.2.8-8
fixed
trixie
1.2.8-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
network-manager-vpnc
bionic
Fixed 1.2.4-6ubuntu0.1
released
xenial
Fixed 1.1.93-1ubuntu0.1
released
trusty
Fixed 0.9.8.6-1ubuntu2.1
released
Common Weakness Enumeration
References
https://bugzilla.novell.com/show_bug.cgi?id=1101147
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900
https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html
https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
https://security.gentoo.org/glsa/201808-03
https://www.debian.org/security/2018/dsa-4253
https://www.exploit-db.com/exploits/45313/
https://bugzilla.novell.com/show_bug.cgi?id=1101147
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900
https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html
https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
https://security.gentoo.org/glsa/201808-03
https://www.debian.org/security/2018/dsa-4253
https://www.exploit-db.com/exploits/45313/