CVE-2019-9649

Name of the Vulnerable Software and Affected Versions Core FTP version 2.0 Build 674

Description An issue in the SFTP Server component allows a remote attacker to use a directory traversal technique with the MDTM FTP command to browse outside the root directory. This enables the attacker to determine the existence of a file on the operating system and its last modified date.

Recommendations For Core FTP version 2.0 Build 674, consider restricting access to the MDTM FTP command as a temporary workaround until a patch is available. Additionally, limiting directory traversal capabilities can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.