CVE-2018-6317
published 2018-02-02CVE-2018-6317: The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote…
PriorityP267critical9.1CVSS 3.0
AVNACLPRNUINSUCHINAH
EXPLOIT
EPSS
44.31%
98.6th percentile
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claymore_dual_miner_project | claymore_dual_miner | <= 10.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor TCP port 3333 for inbound JSON-RPC requests containing format string specifiers (e.g., %n, %s, %p) in the 'method' field, which indicates active exploitation of CVE-2018-6317. ↗
- →Unauthenticated access to the remote management interface on port 3333 is the attack vector; detect any external/unauthenticated connections to this port on mining hosts. ↗
- ·The vulnerability affects Claymore Dual Miner version 10.5 and earlier only; version 10.6 contains the patch. Ensure miners are updated to 10.6+. ↗
- ·Exposing port 3333 publicly is the primary risk factor; restricting this port to trusted networks eliminates the remote attack surface entirely. ↗
CVSS provenance
nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-02-02
Published