Details of VAR-202206-2017

ID

VAR-202206-2017

CVE

CVE-2021-41636

TITLE

melag of ftp server Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019948

DESCRIPTION

MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. melag of ftp server Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-41636 // JVNDB: JVNDB-2021-019948 // VULMON: CVE-2021-41636

AFFECTED PRODUCTS

vendor:	melag	model:	ftp server	scope:	eq	version:	2.2.0.4	Trust: 1.8
vendor:	melag	model:	ftp server	scope:	-	version:	-	Trust: 0.8
vendor:	melag	model:	ftp server	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-019948 // NVD: CVE-2021-41636

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41636
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-41636
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202206-2469
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-41636
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41636
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-41636
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-41636
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-41636 // JVNDB: JVNDB-2021-019948 // CNNVD: CNNVD-202206-2469 // NVD: CVE-2021-41636

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019948 // NVD: CVE-2021-41636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2469

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202206-2469

PATCH

title:

MELAG FTP Server Repair measures for path traversal vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198756

Trust: 0.6

sources: CNNVD: CNNVD-202206-2469

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41636	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-019948	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-2469	Trust: 0.6
db:	VULMON	id:	CVE-2021-41636	Trust: 0.1

sources: VULMON: CVE-2021-41636 // JVNDB: JVNDB-2021-019948 // CNNVD: CNNVD-202206-2469 // NVD: CVE-2021-41636

REFERENCES

url:	https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41636	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-41636/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-41636 // JVNDB: JVNDB-2021-019948 // CNNVD: CNNVD-202206-2469 // NVD: CVE-2021-41636

SOURCES

db:	VULMON	id:	CVE-2021-41636
db:	JVNDB	id:	JVNDB-2021-019948
db:	CNNVD	id:	CNNVD-202206-2469
db:	NVD	id:	CVE-2021-41636

LAST UPDATE DATE

2024-08-14T15:06:17.172000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-41636	date:	2022-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-019948	date:	2023-08-29T08:05:00
db:	CNNVD	id:	CNNVD-202206-2469	date:	2022-07-06T00:00:00
db:	NVD	id:	CVE-2021-41636	date:	2022-07-05T14:15:55.163

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-41636	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-019948	date:	2023-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202206-2469	date:	2022-06-24T00:00:00
db:	NVD	id:	CVE-2021-41636	date:	2022-06-24T12:15:08.113