Is Netreo affected by the DHCP Command injection vulnerability?
  • 11 Jan 2023
  • 1 Minute to read
  • Dark
    Light
  • PDF

Is Netreo affected by the DHCP Command injection vulnerability?

  • Dark
    Light
  • PDF

Article summary

Short Answer
No. Netreo is NOT vulnerable to this exploit.

Updated: 17 May 2018

In May 2018, A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in CentOS, Fedora, and Red Hat Enterprise Linux. This exploit was cataloged as CVE-2018-1111. Netreo has evaluated this vulnerability and determined that our products are NOT vulnerable to these exploits, and that they pose no increased risk to Netreo appliances.

Although our Netreo appliances do use a CentOS-based software image, Netreo and the underlying KVM image do not use DHCP and do not use the NetworkManager framework. Netreo is therefore unaffected by this vulnerability.

Netreo also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see theNetreo Appliance Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.


Was this article helpful?