Описание
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.1.4 (исключая)
Одновременно
cpe:2.3:a:enterprisedt:completeftp_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.26821
Средний
8.8 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
github
почти 4 года назад
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM.
EPSS
Процентиль: 96%
0.26821
Средний
8.8 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-77