Is OmniCenter affected by the DHCP Command injection vulnerability?

Short Answer

OmniCenter is NOT vulnerable to this exploit.

Updated: 17 May 2018

In May 2018, A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in CentOS, Fedora, and Red Hat Enterprise Linux. This exploit was cataloged as CVE-2018-1111. Netreo has evaluated this vulnerability and determined that our products are NOT vulnerable to these exploits, and that they pose no increased risk to OmniCenter appliances.

Although our OmniCenter appliances do use a CentOS-based software image, OmniCenter and the underlying KVM image do not use DHCP and do not use the NetworkManager framework. OmniCenter is therefore unaffected by this vulnerability.

OmniCenter also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the OmniCenter Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.