FKIE_CVE-2018-6353

Vulnerability from fkie_nvd - Published: 2018-01-27 15:29 - Updated: 2024-11-21 04:10
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.
References
cve@mitre.orghttps://github.com/spesmilo/electrum/issues/3678Exploit, Issue Tracking, Third Party Advisory
cve@mitre.orghttps://github.com/spesmilo/electrum/pull/3700Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/spesmilo/electrum/issues/3678Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/spesmilo/electrum/pull/3700Third Party Advisory
Impacted products
Vendor Product Version
electrum electrum *
electrum electrum 3.0.0
electrum electrum 3.0.1
electrum electrum 3.0.2
electrum electrum 3.0.3
electrum electrum 3.0.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:electrum:electrum:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D2CEE8-E91B-4EC4-8029-B3A383D65944",
              "versionEndIncluding": "2.9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:electrum:electrum:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B628024B-A496-4180-8DFA-900F8A2D4E03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:electrum:electrum:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23426519-FA35-4B1A-81EB-F23B140A07EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:electrum:electrum:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C318014-C91A-44D9-B21A-34B390CB4FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:electrum:electrum:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33673B3D-7620-48A1-BD6F-2DD7A8096C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:electrum:electrum:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "547E5D84-0ECE-472D-B33E-9D10961E362A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022."
    },
    {
      "lang": "es",
      "value": "La consola Python en Electrum hasta la versi\u00f3n 2.9.4 y las versiones 3.x hasta la 3.0.5 son compatibles con c\u00f3digo Python arbitrario sin considerar (1) ataques de ingenier\u00eda social en los que un usuario pega c\u00f3digo que no entiende y (2) c\u00f3digo pegado por un ataque pr\u00f3ximo f\u00edsicamente en una estaci\u00f3n de trabajo sin atender. Esto facilita que los atacantes roben bitcoins mediante c\u00f3digo de enlace que se ejecuta posteriormente, una vez se ha introducido la contrase\u00f1a. Esta vulnerabilidad es diferente de CVE-2018-1000022."
    }
  ],
  "id": "CVE-2018-6353",
  "lastModified": "2024-11-21T04:10:32.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-27T15:29:00.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spesmilo/electrum/issues/3678"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/spesmilo/electrum/pull/3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/spesmilo/electrum/issues/3678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/spesmilo/electrum/pull/3700"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.