Vulnerability Details CVE-2018-10057
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-10057
-
cpe:2.3:a:bfgminer:bfgminer:5.5.0
-
cpe:2.3:a:cgminer_project:cgminer:4.10.0