CVE-2018-1000161

Published Apr 18, 2018

Last updated 3 days ago

CVSS medium 5.7

Overview

Description: nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.7
Impact score: 3.6
Exploitability score: 2.1
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nmap:nmap:6.49:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87A2B5F1-2033-411C-83E3-4EDEC00E289B"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE253986-A47A-4D92-83B1-5014A2208D22"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2EB4EC8-8270-4675-9514-AF3668419D09"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E553C8B-8EBD-4846-A7A1-2454DD57601C"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A7A6DBD-F0F2-4205-9B98-E25809A6E87E"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D560418-318D-4855-BA20-85D1B6562F3C"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.25:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BBB311A-7E25-4AE3-833D-C1FEA784A91C"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.25:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADF8E1F6-BE1C-4601-A6CF-4D5582C6C6AB"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB1A26D7-A223-45F3-A9D5-42C08324B966"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABABCD73-B714-4970-8EAA-FF2AB3A225DC"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8F8C0C9-00B8-4BA9-BA8B-D0FB7A775350"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5F4345A-DF4F-4E1A-A313-B285D53981C4"
          },
          {
            "criteria": "cpe:2.3:a:nmap:nmap:7.60:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10541C69-BE34-4F2F-8261-9C4D7FB0CAED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References