CVE-2018-10057

MEDIUM

cgminer 4.10.0 / bfgminer 5.5.0 - Path Traversal

Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/06/03/1

Scores

CVSS v3 6.5
EPSS 0.0236
EPSS Percentile 81.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
bfgminer/bfgminer 5.5.0
cgminer_project/cgminer 4.10.0
Published Jun 05, 2018
Tracked Since Feb 18, 2026