CVE-2018-6353

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/spesmilo/electrum/issues/3678	Exploit Issue Tracking Third Party Advisory
https://github.com/spesmilo/electrum/pull/3700	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:electrum:electrum::::::::
	cpe:2.3:a:electrum:electrum:3.0.0:::::::*
	cpe:2.3:a:electrum:electrum:3.0.1:::::::*
	cpe:2.3:a:electrum:electrum:3.0.2:::::::*
	cpe:2.3:a:electrum:electrum:3.0.3:::::::*
	cpe:2.3:a:electrum:electrum:3.0.5:::::::*

History

No history.

Information

Published : 2018-01-27 15:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-6353

Mitre link : CVE-2018-6353

CVE.ORG link : CVE-2018-6353

JSON object : View

Products Affected

electrum

electrum

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2018-6353", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-01-27T15:29:00.270", "references": [{"url": "https://github.com/spesmilo/electrum/issues/3678", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/spesmilo/electrum/pull/3700", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022."}, {"lang": "es", "value": "La consola Python en Electrum hasta la versi\u00f3n 2.9.4 y las versiones 3.x hasta la 3.0.5 son compatibles con c\u00f3digo Python arbitrario sin considerar (1) ataques de ingenier\u00eda social en los que un usuario pega c\u00f3digo que no entiende y (2) c\u00f3digo pegado por un ataque pr\u00f3ximo f\u00edsicamente en una estaci\u00f3n de trabajo sin atender. Esto facilita que los atacantes roben bitcoins mediante c\u00f3digo de enlace que se ejecuta posteriormente, una vez se ha introducido la contrase\u00f1a. Esta vulnerabilidad es diferente de CVE-2018-1000022."}], "lastModified": "2018-02-15T16:32:58.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:electrum:electrum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D2CEE8-E91B-4EC4-8029-B3A383D65944", "versionEndIncluding": "2.9.4"}, {"criteria": "cpe:2.3:a:electrum:electrum:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B628024B-A496-4180-8DFA-900F8A2D4E03"}, {"criteria": "cpe:2.3:a:electrum:electrum:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23426519-FA35-4B1A-81EB-F23B140A07EE"}, {"criteria": "cpe:2.3:a:electrum:electrum:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C318014-C91A-44D9-B21A-34B390CB4FF8"}, {"criteria": "cpe:2.3:a:electrum:electrum:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33673B3D-7620-48A1-BD6F-2DD7A8096C06"}, {"criteria": "cpe:2.3:a:electrum:electrum:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "547E5D84-0ECE-472D-B33E-9D10961E362A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}