PT-2020-10214 · Maxum · Rumpus Ftp

Published: 2020-02-10 · Updated: 2020-02-11 · CVE-2019-19667

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rumpus FTP version 8.2.9.1

Description

A CSRF issue exists in the Block Clients component of Web File Manager that could allow an attacker to modify IP address settings, specifically to whitelist or block any IP address, by accessing the RAPR/BlockedClients.html endpoint.

Recommendations

For Rumpus FTP version 8.2.9.1, consider restricting access to the RAPR/BlockedClients.html endpoint to prevent unauthorized modifications to IP address settings until a fix is available.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2019-19667

Affected Products

Rumpus Ftp