CVE-2018-1000049 - Vulnerability Details - OpenCVE

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nanopool	Claymore Dual Miner

Configuration 1 [-]

cpe:2.3:a:nanopool:claymore_dual_miner:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html
http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html
http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json
https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution
https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/
https://twitter.com/ReverseBrain/status/951850534985662464
https://www.exploit-db.com/exploits/44638/
https://www.exploit-db.com/exploits/45044/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-09T23:00:00

Updated: 2024-08-05T12:33:48.641Z

Reserved: 2018-02-05T00:00:00

Link: CVE-2018-1000049

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-09T23:29:01.683

Modified: 2024-11-21T03:39:31.507

Link: CVE-2018-1000049

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-01-20T00:00:00", "datePublic": "2018-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-30T12:51:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://twitter.com/ReverseBrain/status/951850534985662464"}, {"name": "45044", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45044/"}, {"name": "44638", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44638/"}, {"tags": ["x_refsource_MISC"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"}, {"tags": ["x_refsource_MISC"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "1/20/2018 9:34:40", "ID": "CVE-2018-1000049", "REQUESTER": "reversebrain@protonmail.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://twitter.com/ReverseBrain/status/951850534985662464", "refsource": "MISC", "url": "https://twitter.com/ReverseBrain/status/951850534985662464"}, {"name": "45044", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45044/"}, {"name": "44638", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44638/"}, {"name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/", "refsource": "MISC", "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"}, {"name": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"}, {"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json", "refsource": "MISC", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"}, {"name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution", "refsource": "MISC", "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:33:48.641Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/ReverseBrain/status/951850534985662464"}, {"name": "45044", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45044/"}, {"name": "44638", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44638/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000049", "datePublished": "2018-02-09T23:00:00", "dateReserved": "2018-02-05T00:00:00", "dateUpdated": "2024-08-05T12:33:48.641Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nanopool:claymore_dual_miner:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E536439-677E-4CD1-B973-C55357F91D5A", "versionEndIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled."}, {"lang": "es", "value": "Nanopool Claymore Dual Miner en versiones 7.3 y anteriores contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo abusando de la API miner. El error puede ser explotado solo si el software se ejecuta con el modo read/write habilitado."}], "id": "CVE-2018-1000049", "lastModified": "2024-11-21T03:39:31.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-09T23:29:01.683", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"}, {"source": "cve@mitre.org", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"}, {"source": "cve@mitre.org", "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/ReverseBrain/status/951850534985662464"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/44638/"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/45044/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rapid7.com/db/modules/exploit/multi/misc/claymore_dual_miner_remote_manager_rce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000049.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://twitter.com/ReverseBrain/status/951850534985662464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44638/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/45044/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}