1. Home
  2. Is Netreo affected by the DHCP Command injection vulnerability?

Is Netreo affected by the DHCP Command injection vulnerability?

Short Answer

Netreo is NOT vulnerable to this exploit.

Updated: 17 May 2018

In May 2018, A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in CentOS, Fedora, and Red Hat Enterprise Linux. This exploit was cataloged as CVE-2018-1111. Netreo has evaluated this vulnerability and determined that our products are NOT vulnerable to these exploits, and that they pose no increased risk to Netreo appliances.

Although our Netreo appliances do use a CentOS-based software image, Netreo and the underlying KVM image do not use DHCP and do not use the NetworkManager framework. Netreo is therefore unaffected by this vulnerability.

Netreo also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Netreo Appliance Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.