Lucene search

Kaspersky LabKLA10129

HistoryApr 04, 2014 - 12:00 a.m.

KLA10129 ACE vulnerability in Core FTP

2014-04-0400:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

A buffer overflow was found in Core FTP. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network via a specially designed server reply.

Original advisories

Core FTP changelog

Related products

Core-FTP-client

Core-FTP-Server-SFTP-Server

CVE list

CVE-2013-3930 critical

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Core FTP versions before 2.2 build 1785

References

www.coreftp.com/forums/viewtopic.php?t=222102

statistics.securelist.com/

threats.kaspersky.com/en/product/Core-FTP-client/

threats.kaspersky.com/en/product/Core-FTP-Server-SFTP-Server/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

Related for KLA10129