CVE-2019-9649

{"id": "CVE-2019-9649", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-03-22T20:29:00.557", "references": [{"url": "http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/22", "source": "cve@mitre.org"}, {"url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/107449", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2019/Mar/25", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46534", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/22", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/107449", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/fulldisclosure/2019/Mar/25", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/46534", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\\..\\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date."}, {"lang": "es", "value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Mediante el uso del comando MDTM FTP, un atacante remoto puede emplear una t\u00e9cnica de salto de directorio (..\\..\\) para navegar fuera del directorio root para determinar la existencia de un archivo en el sistema operativo, as\u00ed como su fecha de \u00faltima modificaci\u00f3n."}], "lastModified": "2024-11-21T04:52:03.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}