CVE-2020-5194 - OpenCVE

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cerberusftp	Ftp Server

Configuration 1 [-]

cpe:2.3:a:cerberusftp:ftp_server:8.0:*:*:*:*:*:*:*

References

Link	Resource
https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements	Vendor Advisory
https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-14T13:34:06

Updated: 2020-01-14T13:34:18

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5194

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-14T14:15:11.593

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-5194

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-14T13:34:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"}, {"tags": ["x_refsource_MISC"], "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-5194", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", "refsource": "MISC", "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"}, {"name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", "refsource": "MISC", "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-5194", "datePublished": "2020-01-14T13:34:06", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2020-01-14T13:34:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cerberusftp:ftp_server:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "512C77E7-87AD-474A-AEE3-33530EE13241", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists."}, {"lang": "es", "value": "El endpoint de la API zip en Cerberus FTP Server versi\u00f3n 8, permite a un atacante autenticado sin permiso zip usar la funcionalidad zip por medio de un endpoint API sin restricciones. La comprobaci\u00f3n de permisos inapropiada ocurre cuando se llama al endpoint file/ajax_download_zip/zip_name. El resultado es que un usuario sin permisos puede comprimir y descargar archivos inclusive si no tiene permiso para visualizar si el archivo existe."}], "id": "CVE-2020-5194", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T14:15:11.593", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}