Lucene search

[email protected]CVE-2018-1000049

HistoryFeb 09, 2018 - 11:29 p.m.

CVE-2018-1000049

2018-02-0923:29:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2018-1000049

nanopool

claymore dual miner

remote code execution

vulnerability

miner api

software security

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.653 Medium

EPSS

Percentile

97.9%

JSON

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.

Affected configurations

NVD

Node

nanopoolclaymore_dual_minerRange≤7.3

CPENameOperatorVersion
nanopool:claymore_dual_minernanopool claymore dual minerle7.3

CPE	Name	Operator	Version
nanopool:claymore_dual_miner	nanopool claymore dual miner	le	7.3

References

packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html

packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html

www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce

raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json

reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution

reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/

twitter.com/ReverseBrain/status/951850534985662464

www.exploit-db.com/exploits/44638/

www.exploit-db.com/exploits/45044/

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.653 Medium

EPSS

Percentile

97.9%

JSON

Related for CVE-2018-1000049

packetstorm2 cvelist1 seebug1 prion1 nvd1 securelist1