Описание
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8_mr10 (включая)Версия до 3_beta (включая)
Одно из
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:h:fortinet:fortigate:2.8:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01881
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
почти 4 года назад
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.
EPSS
Процентиль: 83%
0.01881
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-noinfo