CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10057

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0270%
EPSS Percentile24.15th
PublishedJun 5, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

Affected Platforms (CPE)

πŸ“¦
Bfgminer

Bfgminer

= 5.5.0
πŸ“¦
Cgminer Project

Cgminer

= 4.10.0

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2018/06/03/1
πŸ”— https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057
πŸ”— http://www.openwall.com/lists/oss-security/2018/06/03/1
πŸ”— https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057

Related Vulnerabilities

CVE-2014-450110.0

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool s...

CVE-2014-450210.0

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner befo...

CVE-2018-100588.8

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary ...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...