An FTP server running on the remote host is possibly affected by multiple vulnerabilities:
- The FTP server does not properly validate the length of the USER command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution. (CVE-2021-31886)
- The FTP server does not properly validate the length of the PWD/XPWD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution. (CVE-2021-31887)
- The FTP server does not properly validate the length of the MKD/XMKD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution. (CVE-2021-31888)
Note that Nessus reports these vulnerabilities based on the presence of the Nucleus FTP server. These vulnerabilities might have been mitigated.
Binary data nucleus_ftp_multiple_vulns.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
nucleus_net | nucleus_net | | x-cpe:/a:nucleus_net:nucleus_net |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31888
www.nessus.org/u?3b174710
cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf
us-cert.cisa.gov/ics/advisories/icsa-21-313-03