PT-2020-12037 · Abb · Irc5

Alfonso Glera

Published

2020-07-15

Updated

2020-07-23

CVE-2020-10288

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IRC5 (affected versions not specified)

Description The issue allows unauthorized access to the FTP server on port 21. When attempting to gain access, a request for a username and password is made, but any non-empty input is accepted for these fields.

Recommendations For IRC5, as a temporary workaround, consider restricting access to the FTP server on port 21 until a proper authentication mechanism is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-284

Related Identifiers

CVE-2020-10288

Affected Products

Irc5

PT-2020-12037 · Abb · Irc5

CVE-2020-10288

Weakness Enumeration

Related Identifiers

Affected Products

References · 4