CompleteFTP path traversal flaw allowed attackers to delete server files

Security issue fixed in version 22.1.1 of file transfer software

PortSwigger
James Walker 01 August 2022 at 13:14 UTC

A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.

Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.

A security researcher with the handle rgod discovered a flaw in the server's HttpFile class that results from the lack of proper validation of a user-supplied path before it is used in file operations.

“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.

“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”
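To illustrate the class of defect the advisory describes, here is an added Python sketch (not CompleteFTP's code, whose HttpFile class is closed source; all names are hypothetical) showing the join-then-act pattern beside a containment check that resolves the client path and refuses anything that leaves the served root:

```python
import os
import tempfile
from pathlib import Path

class PathTraversalError(ValueError):
    """A client-supplied path would land outside the served directory."""

def naive_target(root: str, user_path: str) -> str:
    """The pattern the advisory describes: client path joined onto the root
    with no containment check. An absolute client path even makes
    os.path.join discard the root entirely."""
    return os.path.join(root, user_path)

def resolve_inside_root(root: str, user_path: str) -> Path:
    """Hypothetical hardened form: map the client path onto the filesystem
    and insist that the resolved result stays under root."""
    root_real = Path(root).resolve()
    # Treat both separator styles alike so "..\\" is caught like "../", and
    # drop leading separators: an FTP-style absolute path is relative to the
    # virtual root, never to the host filesystem.
    relative = user_path.replace("\\", "/").lstrip("/")
    candidate = (root_real / relative).resolve()
    # commonpath compares whole components, so "/srv/ftp2" is not under "/srv/ftp".
    if os.path.commonpath([str(root_real), str(candidate)]) != str(root_real):
        raise PathTraversalError(f"rejected {user_path!r}: escapes {root_real}")
    return candidate

def safe_delete(root: str, user_path: str) -> Path:
    """Delete only after the containment check has passed."""
    target = resolve_inside_root(root, user_path)
    os.remove(target)
    return target

def demo() -> dict:
    """Constructed scenario: a throwaway root with one file, one legitimate
    delete, and traversal attempts that must be refused."""
    root = tempfile.mkdtemp()
    (Path(root) / "upload.txt").write_text("constructed sample")
    deleted = safe_delete(root, "/upload.txt")
    refused = []
    for attempt in ("../../etc/passwd", r"..\..\Windows\win.ini", "a/../../b"):
        try:
            resolve_inside_root(root, attempt)
        except PathTraversalError:
            refused.append(attempt)
    return {"deleted": deleted.name, "gone": not deleted.exists(), "refused": refused}
```

The check must run on the resolved path, after `..` segments and separators are normalised, since a string match on the raw client input is what traversal payloads are built to slip past.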

The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.

This release also includes other security enhancements: support for SHA-2 hash functions in RSA signatures and a new format for PuTTY private keys.

The Daily Swig has approached EnterpriseDT for comment.

Related news

CVE-2022-2560: ZDI-22-1032

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP Server v22.1.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
