Lucene search

[email protected]CVE-2018-1000828

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-1000828

2022-10-0316:21:59

CWE-611

[email protected]

web.nvd.nist.gov

518

frostwire

cve-2018-1000828

xxe

vulnerability

man in the middle

disclosure

denial of service

ssrf

port scanning

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.

Affected configurations

NVD

Node

frostwirefrostwireMatch1.9.9build246desktop

frostwirefrostwireMatch1.9.9build247desktop

frostwirefrostwireMatch2.0.7build263desktop

frostwirefrostwireMatch6.1.6build166desktop

frostwirefrostwireMatch6.1.6build167desktop

frostwirefrostwireMatch6.1.7build168desktop

frostwirefrostwireMatch6.1.8build169desktop

frostwirefrostwireMatch6.1.9build172desktop

frostwirefrostwireMatch6.2.0build173desktop

frostwirefrostwireMatch6.2.0build174desktop

frostwirefrostwireMatch6.2.1build175desktop

frostwirefrostwireMatch6.2.2build176desktop

frostwirefrostwireMatch6.2.3build177desktop

frostwirefrostwireMatch6.2.3build178desktop

frostwirefrostwireMatch6.2.4build179desktop

frostwirefrostwireMatch6.3.0build180desktop

frostwirefrostwireMatch6.3.0build181desktop

frostwirefrostwireMatch6.3.0build182desktop

frostwirefrostwireMatch6.3.0build183desktop

frostwirefrostwireMatch6.3.0build184desktop

frostwirefrostwireMatch6.3.0build185desktop

frostwirefrostwireMatch6.3.1build186desktop

frostwirefrostwireMatch6.3.2build187desktop

frostwirefrostwireMatch6.3.2build188desktop

frostwirefrostwireMatch6.3.3build189desktop

frostwirefrostwireMatch6.3.3build190desktop

frostwirefrostwireMatch6.3.3build193desktop

frostwirefrostwireMatch6.3.3build255desktop

frostwirefrostwireMatch6.3.4build193desktop

frostwirefrostwireMatch6.3.4build194desktop

frostwirefrostwireMatch6.3.5build195desktop

frostwirefrostwireMatch6.3.5build197desktop

frostwirefrostwireMatch6.3.5build198desktop

frostwirefrostwireMatch6.3.6build201desktop

frostwirefrostwireMatch6.3.6build202desktop

frostwirefrostwireMatch6.3.7build203desktop

frostwirefrostwireMatch6.3.7build204desktop

frostwirefrostwireMatch6.3.7build205desktop

frostwirefrostwireMatch6.3.7build206desktop

frostwirefrostwireMatch6.4.0build207desktop

frostwirefrostwireMatch6.4.0build208desktop

frostwirefrostwireMatch6.4.1build209desktop

frostwirefrostwireMatch6.4.1build210desktop

frostwirefrostwireMatch6.4.2build212desktop

frostwirefrostwireMatch6.4.3build214desktop

frostwirefrostwireMatch6.4.4build215desktop

frostwirefrostwireMatch6.4.5build218desktop

frostwirefrostwireMatch6.4.5build219desktop

frostwirefrostwireMatch6.4.5build220desktop

frostwirefrostwireMatch6.4.5build221desktop

frostwirefrostwireMatch6.4.5build222desktop

frostwirefrostwireMatch6.4.6build223desktop

frostwirefrostwireMatch6.4.6build227desktop

frostwirefrostwireMatch6.4.7build228desktop

frostwirefrostwireMatch6.4.7build229desktop

frostwirefrostwireMatch6.4.8build230desktop

frostwirefrostwireMatch6.4.8build232desktop

frostwirefrostwireMatch6.4.8build233desktop

frostwirefrostwireMatch6.4.8build234desktop

frostwirefrostwireMatch6.4.9build235desktop

frostwirefrostwireMatch6.5.0build236desktop

frostwirefrostwireMatch6.5.1build238desktop

frostwirefrostwireMatch6.5.2build239desktop

frostwirefrostwireMatch6.5.3build240desktop

frostwirefrostwireMatch6.5.4build241desktop

frostwirefrostwireMatch6.5.5build242desktop

frostwirefrostwireMatch6.5.5build243desktop

frostwirefrostwireMatch6.5.8build244desktop

frostwirefrostwireMatch6.5.8build245desktop

frostwirefrostwireMatch6.5.9build246desktop

frostwirefrostwireMatch6.6.0build248desktop

frostwirefrostwireMatch6.6.1build249desktop

frostwirefrostwireMatch6.6.2build250desktop

frostwirefrostwireMatch6.6.2build251desktop

frostwirefrostwireMatch6.6.3build252desktop

frostwirefrostwireMatch6.6.3build253desktop

frostwirefrostwireMatch6.6.4build256desktop

frostwirefrostwireMatch6.6.5build257desktop

frostwirefrostwireMatch6.6.6build258desktop

frostwirefrostwireMatch6.6.7build529desktop

frostwirefrostwireMatch6.6.8build260desktop

frostwirefrostwireMatch6.7.0build261desktop

frostwirefrostwireMatch6.7.0build262desktop

frostwirefrostwireMatch6.7.0build264desktop

frostwirefrostwireMatch6.7.0build265hotfixdesktop

frostwirefrostwireMatch6.7.1build266desktop

frostwirefrostwireMatch6.7.1build267desktop

frostwirefrostwireMatch6.7.1build268desktop

frostwirefrostwireMatch6.7.2build269desktop

frostwirefrostwireMatch6.7.2build270desktop

frostwirefrostwireMatch6.7.3build271desktop

frostwirefrostwireMatch6.7.4build272desktop

CPENameOperatorVersion
frostwire:frostwirefrostwireeq1.9.9
frostwire:frostwirefrostwireeq2.0.7
frostwire:frostwirefrostwireeq6.1.6
frostwire:frostwirefrostwireeq6.1.7
frostwire:frostwirefrostwireeq6.1.8
frostwire:frostwirefrostwireeq6.1.9
frostwire:frostwirefrostwireeq6.2.0
frostwire:frostwirefrostwireeq6.2.1
frostwire:frostwirefrostwireeq6.2.2
frostwire:frostwirefrostwireeq6.2.3

CPE	Name	Operator	Version
frostwire:frostwire	frostwire	eq	1.9.9
frostwire:frostwire	frostwire	eq	2.0.7
frostwire:frostwire	frostwire	eq	6.1.6
frostwire:frostwire	frostwire	eq	6.1.7
frostwire:frostwire	frostwire	eq	6.1.8
frostwire:frostwire	frostwire	eq	6.1.9
frostwire:frostwire	frostwire	eq	6.2.0
frostwire:frostwire	frostwire	eq	6.2.1
frostwire:frostwire	frostwire	eq	6.2.2
frostwire:frostwire	frostwire	eq	6.2.3

Rows per page:

1-10 of 511

References

0dd.zone/2018/10/28/frostwire-XXE-MitM/

github.com/frostwire/frostwire/issues/829

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

Related for CVE-2018-1000828

cvelist1 osv1 prion1 nvd1