PT-2022-11445 · Melag · Melag Ftp Server

Carsten Sandker

Published

2022-06-24

Updated

2022-07-01

CVE-2021-41635

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MELAG FTP Server version 2.2.0.4

Description The issue allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system when MELAG FTP Server is installed as a Windows service and run as the SYSTEM user.

Recommendations For MELAG FTP Server version 2.2.0.4, consider running the service under a less privileged user account to minimize the risk of exploitation. Additionally, review and rectify any misconfigurations to prevent abuse of vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-41635

Affected Products

Melag Ftp Server

PT-2022-11445 · Melag · Melag Ftp Server

CVE-2021-41635

Weakness Enumeration

Related Identifiers

Affected Products

References · 5