CVE-2018-1000161 - OpenCVE

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nmap	Nmap

Configuration 1 [-]

OR	cpe:2.3:a:nmap:nmap:6.49:beta6::::::
	cpe:2.3:a:nmap:nmap:7.00:::::::*
	cpe:2.3:a:nmap:nmap:7.01:::::::*
	cpe:2.3:a:nmap:nmap:7.10:::::::*
	cpe:2.3:a:nmap:nmap:7.11:::::::*
	cpe:2.3:a:nmap:nmap:7.12:::::::*
	cpe:2.3:a:nmap:nmap:7.25:beta1::::::
	cpe:2.3:a:nmap:nmap:7.25:beta2::::::
	cpe:2.3:a:nmap:nmap:7.30:::::::*
	cpe:2.3:a:nmap:nmap:7.31:::::::*
	cpe:2.3:a:nmap:nmap:7.40:::::::*
	cpe:2.3:a:nmap:nmap:7.50:::::::*
	cpe:2.3:a:nmap:nmap:7.60:::::::*

References

Link	Resource
https://nmap.org/changelog.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-18T19:00:00

Updated: 2018-04-18T18:57:01

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-1000161

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-04-18T19:29:00.503

Modified: 2018-05-24T12:08:03.423

Link: CVE-2018-1000161

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-04-06T00:00:00", "datePublic": "2018-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-18T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nmap.org/changelog.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-04-06T14:09:26.583532", "DATE_REQUESTED": "2018-03-27T14:18:58", "ID": "CVE-2018-1000161", "REQUESTER": "ocve@wolke7.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://nmap.org/changelog.html", "refsource": "MISC", "url": "https://nmap.org/changelog.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000161", "datePublished": "2018-04-18T19:00:00", "dateReserved": "2018-03-27T00:00:00", "dateUpdated": "2018-04-18T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nmap:nmap:6.49:beta6:*:*:*:*:*:*", "matchCriteriaId": "87A2B5F1-2033-411C-83E3-4EDEC00E289B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "EE253986-A47A-4D92-83B1-5014A2208D22", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "B2EB4EC8-8270-4675-9514-AF3668419D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1E553C8B-8EBD-4846-A7A1-2454DD57601C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "6A7A6DBD-F0F2-4205-9B98-E25809A6E87E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.12:*:*:*:*:*:*:*", "matchCriteriaId": "4D560418-318D-4855-BA20-85D1B6562F3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.25:beta1:*:*:*:*:*:*", "matchCriteriaId": "2BBB311A-7E25-4AE3-833D-C1FEA784A91C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.25:beta2:*:*:*:*:*:*", "matchCriteriaId": "ADF8E1F6-BE1C-4601-A6CF-4D5582C6C6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "FB1A26D7-A223-45F3-A9D5-42C08324B966", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "ABABCD73-B714-4970-8EAA-FF2AB3A225DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "F8F8C0C9-00B8-4BA9-BA8B-D0FB7A775350", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "A5F4345A-DF4F-4E1A-A313-B285D53981C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:nmap:nmap:7.60:*:*:*:*:*:*:*", "matchCriteriaId": "10541C69-BE34-4F2F-8261-9C4D7FB0CAED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7."}, {"lang": "es", "value": "nmap, de la versi\u00f3n 6.49BETA6 hasta la 7.60, hasta e incluyendo la revisi\u00f3n SVN 37147, contiene una vulnerabilidad de salto de directorio de salto de directorio en el script NSE http-fetch que puede resultar en la sobrescritura de archivos seg\u00fan el usuario lo ejecuta. Este ataque parece ser explotable mediante una v\u00edctima que ejecuta el script NSE http-fetch contra un sitio web malicioso. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 7.7."}], "id": "CVE-2018-1000161", "lastModified": "2018-05-24T12:08:03.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-18T19:29:00.503", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nmap.org/changelog.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}