Lucene search

Kaspersky LabKLA10101

HistoryApr 10, 2012 - 12:00 a.m.

KLA10101 SB vulnerabilities in Cerberus FTP Server

2012-04-1000:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

51.6%

JSON

A CSRF vulnerability was found in the Cerberus FTP Server. By exploiting this vulnerability malicious users can hijack the administrators’ auth. This vulnerability can be exploited from the network at a point related to the web interface.

Original advisories

Related products

Cerberus-FTP-Server

CVE list

CVE-2012-2999 high

Solution

Update to latest version

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Cerberus FTP Server versions 5.0.4.0 and earlier

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Cerberus-FTP-Server/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

51.6%

JSON

Related for KLA10101