CVE-2019-9648 - Vulnerability Details - OpenCVE

Description

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.

Published: 2019-03-22

Score: 5.3 Medium

EPSS: 19.7% Moderate

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-w393-h95m-f879	CoreFTP Directory Traversal

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.19727.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/Aug/21
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509
http://www.securityfocus.com/bid/107446
https://seclists.org/fulldisclosure/2019/Mar/23
https://www.exploit-db.com/exploits/46535

History

No history.

Subscriptions

Coreftp Core Ftp

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-22T18:49:47.000Z

Updated: 2024-08-04T21:54:45.132Z

Reserved: 2019-03-10T00:00:00.000Z

Link: CVE-2019-9648

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-22T19:29:00.480

Modified: 2024-11-21T04:52:02.910

Link: CVE-2019-9648

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-03-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-26T17:06:11.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "107446", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107446"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107446"}, {"name": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "refsource": "CONFIRM", "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"name": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:45.132Z"}, "title": "CVE Program Container", "references": [{"name": "107446", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107446"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9648", "datePublished": "2019-03-22T18:49:47.000Z", "dateReserved": "2019-03-10T00:00:00.000Z", "dateUpdated": "2024-08-04T21:54:45.132Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}, {"lang": "es", "value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Existe una vulnerabilidad de salto de directorio empleando el comando SIZE junto con una subcadena \\..\\..\\, lo que permite que un atacante enumere la existencia de archivos bas\u00e1ndose en la informaci\u00f3n devuelta."}], "id": "CVE-2019-9648", "lastModified": "2024-11-21T04:52:02.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-22T19:29:00.480", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107446"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46535"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}