CVE-2018-10057

Published: 05/06/2018 Updated: 27/07/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote malicious user to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

Vulnerable Product

bfgminer bfgminer 5.5.0

cgminer project cgminer 4.10.0

Vendor Advisories

Debian Bug report logs - #900929 CVE-2018-10057 CVE-2018-10058 Package: cgminer; Maintainer for cgminer is Debian Bitcoin Packaging Team <pkg-bitcoin-devel@lists.alioth.debian.org>; Source for cgminer is src:cgminer Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 6 Jun 2018 21:03:01 ...