
DETECTION OVERVIEW

Red Hat DHCP Exploit Attempt - CVE-2018-1111

Risk Factors

An unauthenticated attacker with network access to an affected client can easily run malicious commands with root privileges. An attacker can gain complete control of a device and entry into your network for further attacks.

Kill Chain

Exploitation

Risk Score

83


Attack Background

The Red Hat DHCP client package includes an integration script for NetworkManager, a daemon for managing network connections and configurations. In specific Red Hat versions, this script is susceptible to command injection. An attacker with local network access, or control of a malicious DHCP server, spoofs a DHCP response with a malformed Web Proxy Auto-Discovery (WPAD) parameter (option 252) to an affected client. This malformed parameter enables the attacker to inject arbitrary shell commands that run with root privileges on the affected client.
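
As an added example (not RevealX detection logic and not code from this page), the following Python parses the options field of a DHCP reply and flags an option 252 value that contains bytes outside a conservative URL character set. The allowlist, the function names and the two sample messages are assumptions constructed for illustration.

```python
import string

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
WPAD_OPTION = 252                    # option number named in the text above
# Assumption: a legitimate WPAD value is a plain http(s) URL made of these bytes only.
ALLOWED = set((string.ascii_letters + string.digits + "._~:/%-").encode())

def parse_options(payload: bytes) -> dict:
    """Return {option code: value} from a DHCP message (UDP payload only)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # split options concatenate (RFC 3396)
        i += 2 + length
    return opts

def check_reply(payload: bytes):
    """Return None for an unremarkable reply, else a short reason string."""
    opts = parse_options(payload)
    if payload[0] != 2 or WPAD_OPTION not in opts:  # op 2 = BOOTREPLY
        return None
    value = opts[WPAD_OPTION].rstrip(b"\x00")    # tolerate NUL padding
    odd = sorted({chr(b) for b in value if b not in ALLOWED})
    if odd:
        return f"option 252 contains non-URL bytes {odd}"
    if not value.startswith((b"http://", b"https://")):
        return "option 252 is not an http(s) URL"
    return None

def build_reply(wpad: bytes) -> bytes:
    """Constructed sample: minimal BOOTREPLY with option 53 (DHCPACK) and option 252."""
    header = bytes([2, 1, 6, 0]) + bytes(232)    # op, htype, hlen, hops + zeroed fields
    return header + MAGIC_COOKIE + bytes([53, 1, 5, WPAD_OPTION, len(wpad)]) + wpad + b"\xff"

CLEAN = build_reply(b"http://wpad.example.test/wpad.dat")      # constructed
SUSPECT = build_reply(b"http://wpad.example.test/wpad.dat;x")  # constructed
```

The allowlist is deliberately stricter than the full URL grammar, so a deployment that serves WPAD URLs with query strings would need to widen it and accept the weaker signal.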

Mitigation Options

Install relevant patches for affected software versions

Disable or remove the affected NetworkManager integration script; however, disabling the script can interfere with DHCP functionality relating to services such as Network Time Protocol (NTP) or Network Information Service (NIS)

MITRE ATT&CK ID
