Description
FrostWire versions <= frostwire-desktop-6.7.4-build-272 contain an XML External Entity (XXE) vulnerability, exposed to a man in the middle during update, that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. The attack appears to be exploitable by a man in the middle who intercepts the call to update the software.
References
- Third Party Advisory
- Issue Tracking, Third Party Advisory
- Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:frostwire:frostwire:1.9.9:build246:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:1.9.9:build247:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:2.0.7:build263:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.6:build166:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.6:build167:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.7:build168:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.8:build169:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.9:build172:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.0:build173:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.0:build174:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.1:build175:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.2:build176:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.3:build177:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.3:build178:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.4:build179:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build180:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build181:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build182:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build183:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build184:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build185:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.1:build186:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.2:build187:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.2:build188:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build189:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build190:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build193:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build255:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.4:build193:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.4:build194:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build195:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build197:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build198:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.6:build201:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.6:build202:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build203:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build204:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build205:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build206:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.0:build207:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.0:build208:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.1:build209:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.1:build210:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.2:build212:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.3:build214:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.4:build215:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build218:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build219:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build220:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build221:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build222:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.6:build223:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.6:build227:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.7:build228:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.7:build229:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build230:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build232:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build233:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build234:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.9:build235:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.0:build236:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.1:build238:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.2:build239:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.3:build240:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.4:build241:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.5:build242:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.5:build243:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.8:build244:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.8:build245:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.9:build246:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.0:build248:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.1:build249:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.2:build250:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.2:build251:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.3:build252:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.3:build253:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.4:build256:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.5:build257:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.6:build258:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.7:build529:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.8:build260:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build261:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build262:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build264:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build265hotfix:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build266:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build267:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build268:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.2:build269:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.2:build270:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.3:build271:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.4:build272:*:*:*:desktop:*:*
EPSS
Percentile: 47%
0.00245
Low
CVSS3: 9 Critical
CVSS2: 6.8 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 9
github
more than 3 years ago
FrostWire versions <= frostwire-desktop-6.7.4-build-272 contain an XML External Entity (XXE) vulnerability, exposed to a man in the middle during update, that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. The attack appears to be exploitable by a man in the middle who intercepts the call to update the software.