CVE-2019-9648 - Vulnerability Details - OpenCVE

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.22524.

Key SSVC decision points have not yet been added.

Vendors	Products
Coreftp	Core Ftp

Configuration 1 [-]

cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-w393-h95m-f879	CoreFTP Directory Traversal

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/Aug/21
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509
http://www.securityfocus.com/bid/107446
https://seclists.org/fulldisclosure/2019/Mar/23
https://www.exploit-db.com/exploits/46535

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-22T18:49:47

Updated: 2024-08-04T21:54:45.132Z

Reserved: 2019-03-10T00:00:00

Link: CVE-2019-9648

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-22T19:29:00.480

Modified: 2024-11-21T04:52:02.910

Link: CVE-2019-9648

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-26T17:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "107446", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107446"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107446"}, {"name": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509", "refsource": "CONFIRM", "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"name": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:45.132Z"}, "title": "CVE Program Container", "references": [{"name": "107446", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107446"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"name": "46535", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46535"}, {"name": "20190311 CVE-2019-9648 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"name": "20190825 CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal (Metasploit) Exploit", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9648", "datePublished": "2019-03-22T18:49:47", "dateReserved": "2019-03-10T00:00:00", "dateUpdated": "2024-08-04T21:54:45.132Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \\..\\..\\ substring, allowing an attacker to enumerate file existence based on the returned information."}, {"lang": "es", "value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Existe una vulnerabilidad de salto de directorio empleando el comando SIZE junto con una subcadena \\..\\..\\, lo que permite que un atacante enumere la existencia de archivos bas\u00e1ndose en la informaci\u00f3n devuelta."}], "id": "CVE-2019-9648", "lastModified": "2024-11-21T04:52:02.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-22T19:29:00.480", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107446"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Aug/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2019/Mar/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46535"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}