CVE-2018-1000828

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
References
Link Resource
https://github.com/frostwire/frostwire/issues/829 Issue Tracking Third Party Advisory
https://0dd.zone/2018/10/28/frostwire-XXE-MitM/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:frostwire:frostwire:1.9.9:build246:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:1.9.9:build247:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:2.0.7:build263:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.6:build166:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.6:build167:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.7:build168:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.8:build169:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.1.9:build172:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.0:build173:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.0:build174:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.1:build175:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.2:build176:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.3:build177:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.3:build178:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.2.4:build179:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build180:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build181:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build182:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build183:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build184:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.0:build185:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.1:build186:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.2:build187:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.2:build188:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build189:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build190:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build193:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.3:build255:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.4:build193:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.4:build194:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build195:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build197:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.5:build198:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.6:build201:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.6:build202:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build203:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build204:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build205:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.3.7:build206:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.0:build207:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.0:build208:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.1:build209:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.1:build210:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.2:build212:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.3:build214:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.4:build215:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build218:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build219:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build220:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build221:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.5:build222:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.6:build223:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.6:build227:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.7:build228:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.7:build229:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build230:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build232:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build233:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.8:build234:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.4.9:build235:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.0:build236:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.1:build238:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.2:build239:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.3:build240:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.4:build241:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.5:build242:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.5:build243:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.8:build244:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.8:build245:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.5.9:build246:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.0:build248:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.1:build249:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.2:build250:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.2:build251:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.3:build252:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.3:build253:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.4:build256:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.5:build257:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.6:build258:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.7:build529:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.6.8:build260:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build261:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build262:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build264:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.0:build265hotfix:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build266:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build267:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.1:build268:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.2:build269:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.2:build270:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.3:build271:*:*:*:desktop:*:*
cpe:2.3:a:frostwire:frostwire:6.7.4:build272:*:*:*:desktop:*:*

Information

Published : 2018-12-20 03:29

Updated : 2019-10-24 12:31


NVD link : CVE-2018-1000828

Mitre link : CVE-2018-1000828

Products Affected
No products.
CWE
CWE-611

Improper Restriction of XML External Entity Reference