PT-2018-14514 · Vyos · Vyos

Rich Mirch · Published 2018-12-17 · Updated 2023-01-20 · CVE-2018-18556

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VyOS version 1.1.8

Description

A privilege escalation issue was found, allowing operator users to execute the pppd binary with elevated permissions due to the default configuration. The issue is exacerbated by improper validation of certain input parameters, which a malicious operator user can exploit to spawn a shell with root privileges.

Recommendations

For VyOS version 1.1.8, consider restricting the execution of the pppd binary to prevent operator users from running it with elevated permissions as a temporary workaround. Additionally, ensure that all input parameters are properly validated to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2018-18556

Affected Products

Vyos