Vulnerability Details : CVE-2018-6317
Public exploit exists!
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2018-6317
- cpe:2.3:a:claymore_dual_miner_project:claymore_dual_miner:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-6317
17.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2018-6317
-
Claymore Dual GPU Miner Format String dos attack
Disclosure Date: 2018-02-06First seen: 2020-04-26auxiliary/dos/tcp/claymore_dosClaymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. Authors: - res1n - bluebird
CVSS scores for CVE-2018-6317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
10.0
|
4.9
|
NIST | |
9.1
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.9
|
5.2
|
NIST |
CWE ids for CVE-2018-6317
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6317
-
https://www.exploit-db.com/exploits/43972/
Claymore Dual GPU Miner 10.5 - Format StringExploit;Third Party Advisory;VDB Entry
-
https://medium.com/@res1n/claymore-dual-gpu-miner-10-5-format-strings-vulnerability-916ab3d2db30
Cryptominer Disclosure: Claymore Dual Gpu Miner Format Strings VulnerabilityExploit;Third Party Advisory
Jump to