Sign-up

ID

VAR-201212-0396


TITLE

FreeFTPD 'SFTP' Authentication Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-7697 // CNNVD: CNNVD-201212-031

DESCRIPTION

FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. An authentication bypass vulnerability exists in FreeFTPD. A remote attacker exploited the vulnerability to bypass the authentication mechanism and gain unauthorized access. There are vulnerabilities in the FreeFTPD 1.0.11 release, and other versions may be affected. FreeFTPD is prone to an authentication-bypass vulnerability

Trust: 0.81

sources: CNVD: CNVD-2012-7697 // BID: 56782

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7697

AFFECTED PRODUCTS

vendor:nomodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2012-7697

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2012-7697
value: HIGH

Trust: 0.6

CNVD: CNVD-2012-7697
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-7697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-031

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201212-031

EXTERNAL IDS

db:BIDid:56782

Trust: 1.5

db:CNVDid:CNVD-2012-7697

Trust: 0.6

db:CNNVDid:CNNVD-201212-031

Trust: 0.6

sources: CNVD: CNVD-2012-7697 // BID: 56782 // CNNVD: CNNVD-201212-031

REFERENCES

url:http://www.securityfocus.com/bid/56782

Trust: 1.2

url:http://freeftpd.com/

Trust: 0.3

sources: CNVD: CNVD-2012-7697 // BID: 56782 // CNNVD: CNNVD-201212-031

CREDITS

Kingcope

Trust: 0.9

sources: BID: 56782 // CNNVD: CNNVD-201212-031

SOURCES

db:CNVDid:CNVD-2012-7697
db:BIDid:56782
db:CNNVDid:CNNVD-201212-031

LAST UPDATE DATE

2022-05-17T02:04:42.023000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-7697date:2012-12-05T00:00:00
db:BIDid:56782date:2012-12-02T00:00:00
db:CNNVDid:CNNVD-201212-031date:2012-12-05T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-7697date:2012-12-05T00:00:00
db:BIDid:56782date:2012-12-02T00:00:00
db:CNNVDid:CNNVD-201212-031date:2012-12-05T00:00:00