WS_FTP SITE CPWD Buffer Overflow
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is running a version of WS_FTP FTP server prior to 3.1.2.
Insight
Insight
Versions earlier than 3.1.2 contain an unchecked buffer in routines that handle the 'CPWD' command arguments. The 'CPWD' command allows remote users to change their password. By issuing a malformed argument to the CPWD command, a user could overflow a buffer and execute arbitrary code on this host. Note that a local user account is required.
Solution
Solution
The vendor has released a patch that fixes this issue. Please install the latest patch available from the vendor's website.
Scan for free your assets for this vulnerability + 99,568 other vulnerabilities
It is easy and free to get started with Mageni and it can be installed in Windows, macOS and Linux.
Processing. Please wait...
Free for 7-days then $4 USD monthly regardless of how many IPs, scans, users, or deployments you have. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.