7.5
CVE-2018-1000049
- EPSS 77.3%
- Veröffentlicht 09.02.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginNanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nanopool ≫ Claymore Dual Miner Version <= 7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 77.3% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html
http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html
http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json
https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution
https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/
https://twitter.com/ReverseBrain/status/951850534985662464
https://www.exploit-db.com/exploits/44638/
https://www.exploit-db.com/exploits/45044/