CVE-2017-16929 — HIGH (8.1)

Vulnerability Description

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Claymore Dual Miner Project	Claymore Dual Miner	10.1

Related Weaknesses (CWE)

CWE-22 CWE-119

References

http://www.openwall.com/lists/oss-security/2017/12/04/3Mailing List
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929Third Party Advisory
https://www.exploit-db.com/exploits/43231/ExploitThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2017/12/04/3Mailing List
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929Third Party Advisory
https://www.exploit-db.com/exploits/43231/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-16929?

CVE-2017-16929 is a vulnerability with a CVSS score of 8.1 (HIGH). The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a rem...

How severe is CVE-2017-16929?

CVE-2017-16929 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16929?

Check the references section above for vendor advisories and patch information. Affected products include: Claymore Dual Miner Project Claymore Dual Miner.