CVE-2018-1000532

{"id": "CVE-2018-1000532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2018-06-26T16:29:01.853", "references": [{"url": "https://github.com/johnath/beep/issues/11#issuecomment-379514298", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep."}, {"lang": "es", "value": "beep en versiones 1.3 y siguientes contiene una vulnerabilidad de control externo del nombre de archivo o ruta en la opci\u00f3n --device que puede resultar en que un usuario local sin privilegios sea capaz de inhibir la ejecuci\u00f3n de programas arbitrarios por parte de otros usuarios, lo que permite una denegaci\u00f3n de servicio (DoS). El ataque parece ser explotable si el sistema permite que los usuarios locales ejecuten beep."}], "lastModified": "2018-08-30T20:27:00.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beep_project:beep:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B6C0AD8-94BE-4737-8576-CB82265043AF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}