CVE-2019-9648 - OpenCVE

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Coreftp	Core Ftp

Configuration 1 [-]

cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/Aug/21
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509	Product Vendor Advisory
http://www.securityfocus.com/bid/107446	Third Party Advisory VDB Entry
https://seclists.org/fulldisclosure/2019/Mar/23	Exploit Mailing List Third Party Advisory
https://www.exploit-db.com/exploits/46535	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-22T18:49:47

Updated: 2019-08-26T17:06:11

Reserved: 2019-03-10T00:00:00

Link: CVE-2019-9648

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-22T19:29:00.480

Modified: 2019-08-26T07:15:10.587

Link: CVE-2019-9648

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-26T17:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "107446", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107446"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107446"}, {"name": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "refsource": "CONFIRM", "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"name": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9648", "datePublished": "2019-03-22T18:49:47", "dateReserved": "2019-03-10T00:00:00", "dateUpdated": "2019-08-26T17:06:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}, {"lang": "es", "value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Existe una vulnerabilidad de salto de directorio empleando el comando SIZE junto con una subcadena \\..\\..\\, lo que permite que un atacante enumere la existencia de archivos bas\u00e1ndose en la informaci\u00f3n devuelta."}], "id": "CVE-2019-9648", "lastModified": "2019-08-26T07:15:10.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-22T19:29:00.480", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107446"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46535"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}