Details of VAR-202206-1951

ID

VAR-202206-1951

CVE

CVE-2021-41635

TITLE

melag of ftp server Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019949

DESCRIPTION

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. melag of ftp server There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-41635 // JVNDB: JVNDB-2021-019949 // VULMON: CVE-2021-41635

AFFECTED PRODUCTS

vendor:	melag	model:	ftp server	scope:	eq	version:	2.2.0.4	Trust: 1.8
vendor:	melag	model:	ftp server	scope:	-	version:	-	Trust: 0.8
vendor:	melag	model:	ftp server	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-019949 // NVD: CVE-2021-41635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41635
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-41635
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202206-2472
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-41635
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-41635
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-41635
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-41635
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-41635 // JVNDB: JVNDB-2021-019949 // CNNVD: CNNVD-202206-2472 // NVD: CVE-2021-41635

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.0
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019949 // NVD: CVE-2021-41635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2472

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2472

PATCH

title:

MELAG FTP Server Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198629

Trust: 0.6

sources: CNNVD: CNNVD-202206-2472

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41635	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-019949	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-2472	Trust: 0.6
db:	VULMON	id:	CVE-2021-41635	Trust: 0.1

sources: VULMON: CVE-2021-41635 // JVNDB: JVNDB-2021-019949 // CNNVD: CNNVD-202206-2472 // NVD: CVE-2021-41635

REFERENCES

url:	https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41635	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-41635/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/276.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-41635 // JVNDB: JVNDB-2021-019949 // CNNVD: CNNVD-202206-2472 // NVD: CVE-2021-41635

SOURCES

db:	VULMON	id:	CVE-2021-41635
db:	JVNDB	id:	JVNDB-2021-019949
db:	CNNVD	id:	CNNVD-202206-2472
db:	NVD	id:	CVE-2021-41635

LAST UPDATE DATE

2024-08-14T14:31:08.848000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-41635	date:	2022-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-019949	date:	2023-08-29T08:05:00
db:	CNNVD	id:	CNNVD-202206-2472	date:	2022-07-04T00:00:00
db:	NVD	id:	CVE-2021-41635	date:	2022-07-01T16:40:20.960

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-41635	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-019949	date:	2023-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202206-2472	date:	2022-06-24T00:00:00
db:	NVD	id:	CVE-2021-41635	date:	2022-06-24T12:15:08.063