CVE-2018-10900 log

Severity High
Remote No
Type Privilege escalation
When initiating a VPNC connection, Network Manager spawns a new vpnc process and passes the configuration via STDIN. By injecting a \n character into a configuration parameter, an attacker can coerce Network Manager to set the Password helper option to an attacker controlled executable file.
Group Package Affected Fixed Severity Status Ticket
AVG-739 networkmanager-vpnc 1.2.4-3 1.2.6-1 High Fixed
Date Advisory Group Package Severity Type
20 Jul 2018 ASA-201807-13 AVG-739 networkmanager-vpnc High privilege escalation