PT-2017-14640 · Claymore · Claymore Dual Gpu Miner

Tintinweb · Published 2017-12-05 · Updated 2017-12-21 · CVE-2017-16929

CVSS v2.0

8.5 High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Claymore Dual GPU miner version 10.1

Description

The remote management interface is vulnerable to an authenticated directory traversal issue. This can be exploited by issuing a specially crafted request, allowing a remote attacker to read or write arbitrary files. The issue can be triggered via ../ sequences in the pathname to miner_file or miner_getfile.

Recommendations

For Claymore Dual GPU miner version 10.1, consider restricting access to the remote management interface until a fix is available. As a temporary workaround, avoid using the miner_file or miner_getfile parameters in the affected API endpoint to minimize the risk of exploitation.
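
The following is an added example, not code from this advisory or from the miner's vendor: a Python check that a filtering proxy in front of the management port could apply to the two file operations named in the description, spelled here as miner_file and miner_getfile. It assumes each request is one JSON object with the operation in "method" and the file name as the first element of "params"; that framing, the function names and the sample requests are assumptions made for illustration.

```python
import json
import posixpath

FILE_METHODS = {"miner_file", "miner_getfile"}  # the two operations in the description

def is_safe_name(name):
    """True only for a relative name that stays inside the miner directory."""
    if not isinstance(name, str) or not name or "\x00" in name:
        return False
    # The name may use either separator, so treat "\" and "/" alike.
    unified = name.replace("\\", "/")
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        return False  # absolute path or drive letter
    normalized = posixpath.normpath(unified)
    if normalized in (".", ".."):
        return False
    return not normalized.startswith("../")

def check_request(line):
    """Return (allowed, reason) for one JSON request (assumed framing)."""
    try:
        req = json.loads(line)
    except ValueError:
        return False, "not valid JSON"
    if not isinstance(req, dict):
        return False, "not a JSON object"
    if req.get("method") not in FILE_METHODS:
        return True, "not a file method"
    params = req.get("params")
    if not isinstance(params, list) or not params:
        return False, "file method without a file name"
    if not is_safe_name(params[0]):
        return False, "file name escapes the miner directory"
    return True, "file name stays inside the miner directory"

# Constructed sample requests, not captured traffic.
SAMPLES = [
    '{"id":0,"jsonrpc":"2.0","method":"miner_getfile","params":["config.txt"]}',
    '{"id":0,"jsonrpc":"2.0","method":"miner_getfile","params":["../../other.txt"]}',
    '{"id":0,"jsonrpc":"2.0","method":"miner_file","params":["..\\\\..\\\\x.bat","00"]}',
    '{"id":0,"jsonrpc":"2.0","method":"miner_file","params":["logs/../epools.txt","00"]}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request(sample), sample)
```

The check normalizes the name before testing it, so a name such as logs/../epools.txt that resolves back inside the directory is allowed while any name whose normalized form climbs above it is refused.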

Exploit · Fix · Buffer Overflow · Path traversal

Related Identifiers

CVE-2017-16929

Affected Products

Claymore Dual Gpu Miner