CVE-2018-10057

{"id": "CVE-2018-10057", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-06-05T21:29:00.867", "references": [{"url": "http://www.openwall.com/lists/oss-security/2018/06/03/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2018/06/03/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)."}, {"lang": "es", "value": "La interfaz de gesti\u00f3n remota de cgminer 4.10.0 y bfgminer 5.5.0 permite que un atacante remoto autenticado escriba en el archivo de configuraci\u00f3n miner en ubicaciones arbitrarias en el servidor debido a la ausencia de restricciones basedir (salto de directorio absoluto)."}], "lastModified": "2024-11-21T03:40:44.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bfgminer:bfgminer:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D567822-B514-4C3C-9BF2-4BB1D2D839D8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cgminer_project:cgminer:4.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC4C143-194F-41D9-A115-E127D9EA2E10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}