How severe is CVE-2018-1113?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2018-1113?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2018-1113 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Related Vulnerabilities

CVE-2016-5063

MEDIUM

CVSS:5.3(Medium)

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vector...

CWE-2852016

CVE-2016-7651

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intend...

CWE-2852016

CVE-2016-9938

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip...

CWE-2852016

CVE-2018-3778

MEDIUM

CVSS:5.3(Medium)

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

CWE-2852018

CVE-2018-3829

MEDIUM

CVSS:5.3(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous run...

CWE-2852018

CVE-2019-15990

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based m...

CWE-2852019