The ExploitDB site posted a new RCE (remote code execution) attack. This time within an internal network. Metasploit developed an exploit that abuses a vulnerability in a Linux DHCP Client – Command Injection (DynoRoot).
DynoRoot on the move – DHCP server responses
This bug was marked as CVE-2018-111 aka DynoRoot. According to the description on ExploitDB, when an attacker spoofs a DHCP server response, he/she can execute commands with root privileges.
The exploit was published on 13 June 2018 and has a verified status. Other information, i.a., on vulnerable operating servers can be found in the source.
Source: ExploitDB
—
Do you need cybersecurity solutions for your company – then contact us.
