CVE-2019-12144

Name of the Vulnerable Software and Affected Versions Progress ipswitch WS FTP Server versions prior to 8.6.1

Description An issue was discovered in SSHServerAPI.dll, allowing attackers to abuse a path traversal vulnerability using the SCP protocol. This could potentially lead to remote code execution by crafting a payload that abuses the SITE command feature.

Recommendations For versions prior to 8.6.1, update to version 8.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SCP protocol and the SITE command feature until the update is applied.