Lucene search

MitreCVE-2018-1000532

HistoryJun 26, 2018 - 4:29 p.m.

CVE-2018-1000532

2018-06-2616:29:01

CWE-22

mitre

web.nvd.nist.gov

cve-2018-1000532

beep

vulnerability

external control

file name

path

local unprivileged user

arbitrary programs

dos

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

9.9%

JSON

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.

Affected configurations

Nvd

Node

beep_projectbeepMatch1.3

VendorProductVersionCPE
beep_projectbeep1.3cpe:2.3:a:beep_project:beep:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
beep_project	beep	1.3	cpe:2.3:a:beep_project:beep:1.3:::::::*

References

github.com/johnath/beep/issues/11#issuecomment-379514298

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVE-2018-1000532