CVSS2

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence: Low

EPSS

Percentile: 51.6%

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.

Vendor | Product | Version | CPE |
---|---|---|---|
cerberusftp | ftp_server | * | cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.0 | cpe:2.3:a:cerberusftp:ftp_server:1.0:-:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.01 | cpe:2.3:a:cerberusftp:ftp_server:1.01:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.1 | cpe:2.3:a:cerberusftp:ftp_server:1.1:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.2 | cpe:2.3:a:cerberusftp:ftp_server:1.2:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.02 | cpe:2.3:a:cerberusftp:ftp_server:1.02:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.03 | cpe:2.3:a:cerberusftp:ftp_server:1.03:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.5 | cpe:2.3:a:cerberusftp:ftp_server:1.5:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.05 | cpe:2.3:a:cerberusftp:ftp_server:1.05:*:*:*:*:*:*:* |
cerberusftp | ftp_server | 1.6 | cpe:2.3:a:cerberusftp:ftp_server:1.6:beta:*:*:*:*:*:* |