CVE-2018-20587
published 2019-02-11CVE-2018-20587: Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit…
PriorityP424medium5.5CVSS 3.0
AVLACLPRLUINSUCNIHAN
EPSS
0.35%
26.8th percentile
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.12.0 – 0.17.1 | — |
| bitcoinknots | bitcoin_knots | 0.12.0 – 0.17.0 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78bhttps://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b
2019-02-11
Published