CVE-2018-1000161 — MEDIUM (5.7)

Vulnerability Description

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.

CVSS Score

5.7

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nmap	Nmap	6.49

Related Weaknesses (CWE)

CWE-22

References

https://nmap.org/changelog.htmlVendor Advisory
https://nmap.org/changelog.htmlVendor Advisory

FAQ

What is CVE-2018-1000161?

CVE-2018-1000161 is a vulnerability with a CVSS score of 5.7 (MEDIUM). nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is runni...

How severe is CVE-2018-1000161?

CVE-2018-1000161 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000161?

Check the references section above for vendor advisories and patch information. Affected products include: Nmap Nmap.