NewStart CGSL MAIN 4.05 : dhcp Vulnerability (NS-SA-2019-0129)
High Nessus Plugin ID 127381
SynopsisThe remote machine is affected by a vulnerability.
DescriptionThe remote NewStart CGSL host, running version MAIN 4.05, has dhcp packages installed that are affected by a vulnerability:
- A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade the vulnerable CGSL dhcp packages. Note that updated packages may not be available yet. Please contact ZTE for more information.