Headline
CVE-2022-2560: ZDI-22-1032
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
July 28th, 2022
EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability****ZDI-22-1032
ZDI-CAN-17481
CVE ID
CVE-2022-2560
CVSS SCORE
8.2, (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
AFFECTED VENDORS
EnterpriseDT
AFFECTED PRODUCTS
CompleteFTP
VULNERABILITY DETAILS
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.
ADDITIONAL DETAILS
Fixed in version 22.1.1.
DISCLOSURE TIMELINE
- 2022-06-07 - Vulnerability reported to vendor
- 2022-07-28 - Coordinated public release of advisory
CREDIT
rgod
BACK TO ADVISORIES
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Security issue fixed in version 22.1.1 of file transfer software