CVE-2018-1000049
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.653 Medium
EPSS
Percentile
97.9%
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nanopool:claymore_dual_miner | nanopool claymore dual miner | le | 7.3 |
References
packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html
packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html
www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce
raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json
reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution
reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/
twitter.com/ReverseBrain/status/951850534985662464
www.exploit-db.com/exploits/44638/
www.exploit-db.com/exploits/45044/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.653 Medium
EPSS
Percentile
97.9%