Vulnerability Details : CVE-2018-15686
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Vulnerability category: Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2018-15686
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 62 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-15686
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Canonical Ltd. |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-15686
-
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15686
-
https://usn.ubuntu.com/3816-1/
USN-3816-1: systemd vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image - Pony MailMailing List;Third Party Advisory
-
https://www.exploit-db.com/exploits/45714/
systemd - 'reexec' State InjectionExploit;Third Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2019:2091
RHSA-2019:2091 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/105747
systemd CVE-2018-15686 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://www.oracle.com//security-alerts/cpujul2021.html
Oracle Critical Patch Update Advisory - July 2021Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3222
RHSA-2019:3222 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.gentoo.org/glsa/201810-10
systemd: Multiple vulnerabilities (GLSA 201810-10) — Gentoo securityThird Party Advisory
-
https://github.com/systemd/systemd/pull/10519
pid1 serialization/deserialization fixes by poettering · Pull Request #10519 · systemd/systemd · GitHubPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
[SECURITY] [DLA 1580-1] systemd security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2020:0593
RHSA-2020:0593 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Products affected by CVE-2018-15686
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.4.0cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*