shell code injection via ESSID because of missing escaping of a variable
CVE-2011-4182

7.3HIGH

Key Information:

Vendor: Suse Linux Enterprise
Status: Sysconfig
Vendor: CVE Published:; 12 June 2018

🔔 Create Suse Linux Enterprise Vulnerability Alert

What is CVE-2011-4182?

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.

Affected Version(s)

sysconfig < 0.83.7-2.1

References

https://bugzilla.suse.com/show_bug.cgi?id=735394

x_refsource_CONFIRM

https://www.suse.com/security/cve/CVE-2017-15710/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2018
Vulnerability Reserved
Oct 25, 2011

JSON