CVE-2020-8634

Exploit

EPSS 0.09%
Veröffentlicht 07.03.2020 00:15:13
Zuletzt bearbeitet 21.11.2024 05:39:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wftpserver ≫ Wing Ftp Server Version6.2.3 SwPlatformlinux

Wftpserver ≫ Wing Ftp Server Version6.2.3 SwPlatformmacos

Wftpserver ≫ Wing Ftp Server Version6.2.3 SwPlatformsolaris

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.253

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-8634

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8634

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8634

EUVD