SB2018010917 - Multiple vulnerabilities in CPP and Parity Ethereum

Main Vulnerability Database SB2018010917

SB2018010917 - Multiple vulnerabilities in CPP and Parity Ethereum

Published: January 9, 2018 Updated: January 12, 2018

Security Bulletin ID SB2018010917

CSH Severity

Medium

Patch available

NO

Number of vulnerabilities 10

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 vulnerabilities.

1) Improper authorization (CVE-ID: CVE-2017-12112)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in admin_addPeer API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

2) Improper authorization (CVE-ID: CVE-2017-12113)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

3) Improper authorization (CVE-ID: CVE-2017-12114)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in admin_peers API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

4) Improper authorization (CVE-ID: CVE-2017-12115)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

5) Improper authorization (CVE-ID: CVE-2017-12116)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

6) Improper authorization (CVE-ID: CVE-2017-12117)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in miner_start API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

7) Improper authorization (CVE-ID: CVE-2017-12118)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization on the target system.

The weakness exists in miner_stop API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.

8) Denial of service (CVE-ID: CVE-2017-12119)

CWE-ID: CWE-248 - Uncaught Exception

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in multiple APIs of CPP-Ethereum's JSON-RPC due to an insufficient validation of user-supplied input. A remote attacker can make a specially crafted JSON request, trigger a unhandled exception and cause the application to crash.

9) Out-of-bounds read (CVE-ID: CVE-2017-14457)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to an insufficient validation of user-supplied input. A remote attacker can create and send a specially crafted smart contract containing malicious code, trigger an out-of-bounds read and gain access to arbitrary data or cause the application to crash.

10) Privilege escalation (CVE-ID: CVE-2017-14460)

CWE-ID: CWE-942 - Overly Permissive Cross-domain Whitelist

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an insufficient validation of user-supplied input. A remote attacker can send JSON object to JSON-RPC endpoint, trick the victim into visiting a specially crafted website, trigger overly permissive cross-domain (CORS) whitelist vulnerability in JSON-RPC and gain elevated privileges to perform further attacks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References