PT-2022-11446 · Melag · Melag Ftp Server

Carsten Sandker +1 · Published 2022-06-24 · Updated 2022-07-05 · CVE-2021-41636

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MELAG FTP Server version 2.2.0.4

Description

The issue allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system. The access restrictions of the user running the FTP server apply.

Recommendations

For MELAG FTP Server version 2.2.0.4, consider restricting access to the CWD command as a temporary workaround until a patch is available. Additionally, ensure that the FTP server is run with the least privileges necessary to minimize the impact of a potential exploit. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Related Identifiers

CVE-2021-41636

Affected Products

Melag Ftp Server