PT-2018-4037 · Suse · Suse Linux Enterprise+1

Jon Nelson

Published

2012-01-18

Updated

2019-10-09

CVE-2011-4182

CVSS v3.1

7.3

High

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise sysconfig versions prior to 0.83.7-2.1

Description The issue is related to missing escaping of ESSID values in the sysconfig of SUSE Linux Enterprise. This allows attackers who control an access point to execute arbitrary code.

Recommendations For versions prior to 0.83.7-2.1, update sysconfig to version 0.83.7-2.1 or later to resolve the issue.

Fix

Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

CVE-2011-4182

SUSE-SU-2012_0096-1

SUSE-SU-2012_0231-1

Affected Products

Suse Linux Enterprise

Suse

PT-2018-4037 · Suse · Suse Linux Enterprise+1

CVE-2011-4182

Weakness Enumeration

Related Identifiers

Affected Products

References · 15