VYPR
Vendor

Vyos

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2018-18556CriDec 17, 2018
    risk 0.69cvss 9.9epss 0.15

    A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with…

  • CVE-2018-18555CriDec 17, 2018
    risk 0.64cvss 9.9epss 0.02

    A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and…

  • CVE-2025-30095CriMar 31, 2025
    risk 0.59cvss 9.0epss 0.00

    VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if…