Lucene search

[email protected]CVE-2014-0605

HistoryFeb 06, 2015 - 11:59 a.m.

CVE-2014-0605

2015-02-0611:59:02

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-0605

directory traversal

vulnerability

rftpcom.dll

activex control

attachmate reflection ftp client

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.495 Medium

EPSS

Percentile

97.5%

JSON

Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.

Affected configurations

NVD

Node

attachmatereflection_ftp_clientRange≤14.1.420

CPENameOperatorVersion
attachmate:reflection_ftp_clientattachmate reflection ftp clientle14.1.420

CPE	Name	Operator	Version
attachmate:reflection_ftp_client	attachmate reflection ftp client	le	14.1.420

References

support.attachmate.com/techdocs/2501.html

www.zerodayinitiative.com/advisories/ZDI-14-290/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.495 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2014-0605

zdi1 nvd1 prion1 cvelist1