CVE-2018-1000161 Information

Description

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.

Vulnerability Type (CWE)

CWE-22

Published

2018-04-18

Last Modified

2018-05-24

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Base Score

5.7 MEDIUM

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

References

https://nmap.org/changelog.html (Vendor Advisory)