This is the latest documentation for BMC Helix Network Management (formerly known as Netreo).

 

Is there any exposure to the DHCP command injection vulnerability?


Short Answer

No. BMC Helix Network Management is NOT vulnerable to this exploit.

Updated: 17 May 2018

In May 2018, a command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in CentOS, Fedora, and Red Hat Enterprise Linux. This flaw was cataloged as CVE-2018-1111. BMC Helix Network Management has evaluated this vulnerability and determined that our products are NOT vulnerable to it, and that it poses no increased risk to BMC Helix Network Management appliances.

Although our BMC Helix Network Management appliances do use a CentOS-based software image, BMC Helix Network Management and the underlying KVM image do not use DHCP and do not use the NetworkManager framework. BMC Helix Network Management is therefore unaffected by this vulnerability.
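The same reasoning can be applied to any other CentOS or RHEL host: the flaw is only reachable when an interface uses DHCP, NetworkManager is in use, and the dhclient integration script is installed. The script below is an added example, not BMC code or a BMC-supported procedure; the ifcfg directory, the systemd symlink path and the `*dhclient*` dispatcher glob are assumptions about a stock CentOS/RHEL 7 layout.

```shell
#!/bin/sh
# Added example (assumed stock CentOS/RHEL 7 layout). Each function takes an
# optional root directory so a mounted image can be inspected offline.

# Print every ifcfg file set to DHCP; return 0 if at least one exists.
dhcp_interfaces() {
    found=1
    for f in "${1:-/}"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        # Value may be quoted or upper-case, e.g. BOOTPROTO="dhcp"
        if grep -Eiq '^[[:space:]]*BOOTPROTO=["'\'']?dhcp' "$f"; then
            echo "$f"
            found=0
        fi
    done
    return "$found"
}

# Return 0 if NetworkManager is enabled at boot. -L is tested as well because
# the unit symlink dangles when the tree is a mounted image.
nm_enabled() {
    unit="${1:-/}/etc/systemd/system/multi-user.target.wants/NetworkManager.service"
    [ -L "$unit" ] || [ -e "$unit" ]
}

# Return 0 if a dhclient integration script is installed for NetworkManager.
nm_dhclient_hook() {
    for f in "${1:-/}"/etc/NetworkManager/dispatcher.d/*dhclient*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# All three must hold for the flaw to be reachable. "present" means the
# dhclient package version still has to be checked against the vendor fix;
# it is not proof of vulnerability.
cve_2018_1111_preconditions() {
    if dhcp_interfaces "${1:-/}" >/dev/null && nm_enabled "${1:-/}" &&
       nm_dhclient_hook "${1:-/}"; then
        echo "preconditions-present"
    else
        echo "preconditions-absent"
    fi
}

cve_2018_1111_preconditions "${1:-/}"
```

Pass a mount point as the first argument to inspect an offline image instead of the running host.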

BMC Helix Network Management also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Appliance Security page for more information.

If you have any concerns, please feel free to contact BMC Helix Support.

 

 
