PT-2018-14513 · Vyos · Vyos
Rich Mirch · Published 2018-12-17 · Updated 2019-10-03
CVE-2018-18555
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VyOS version 1.1.8
Description
A sandbox escape issue was discovered that allows an authenticated operator user to break out of the restricted management shell by including certain shell special characters in commands. This gives the user access to the underlying Linux shell, where they can run arbitrary operating system commands with their account privileges.
Recommendations
For VyOS version 1.1.8, consider restricting access to the management shell until a patch is available, and limit the use of shell special characters in commands to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Vyos