Lucene search

VulDBCVELIST:CVE-2022-1958

HistoryJun 15, 2022 - 9:45 a.m.

CVE-2022-1958 FileCloud NTFS access control

2022-06-1509:45:16

CWE-284

VulDB

www.cve.org

filecloud

ntfs

access control

vulnerability

cve-2022-1958

upgrade

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

48.8%

JSON

A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "FileCloud",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "NTFS Handler"
    ]
  }
]

References

vuldb.com/?ctiid.201960

vuldb.com/?id.201960

www.filecloud.com/supportdocs/fcdoc/2v/server/security-advisories/2022-security-advisories/advisory-2022-06-01-potential-unauthorized-data-access-when-using-network-folders-with-ntfs-permissions

www.scip.ch/?news.20220615