CVE-2018-20679
Vexday Risk Score
21 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 7.5 · EPSS 7.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
09 Jan 2019: Published in NVD
Recommendation: Monitor. No sign of exploitation for now.
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
References
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
https://bugs.busybox.net/show_bug.cgi?id=11506
https://busybox.net/news.html
http://seclists.org/fulldisclosure/2019/Sep/7
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
https://seclists.org/bugtraq/2019/Sep/7
https://usn.ubuntu.com/3935-1/