CVE-2022-22836

CVSS V2 Medium 4 CVSS V3 Medium 6.5
Description
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
Overview
  • CVE ID: CVE-2022-22836
  • Assigner: cve@mitre.org
  • Vulnerability Status: Analyzed
  • Published Version: 2022-01-10T14:12:57
  • Last Modified Date: 2022-01-19T16:15:07
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:* 1 OR 1.2
cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:* 1 OR
cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:S/C:N/I:P/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Base Score: 4
  • Severity: MEDIUM
  • Exploitability Score: 8
  • Impact Score: 2.9
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
  • Base Score: 6.5
  • Base Severity: MEDIUM
  • Exploitability Score: 2.8
  • Impact Score: 3.6
References
Reference URL Reference Tags
https://yoursecuritybores.me/coreftp-vulnerabilities/ Exploit Third Party Advisory
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509 Release Notes Vendor Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 06:37:04 Added to TrackCVE
2022-12-06 06:00:19 2022-01-10T14:12Z 2022-01-10T14:12:57 CVE Published Date updated
2022-12-06 06:00:19 2022-01-19T16:15:07 CVE Modified Date updated
2022-12-06 06:00:19 Analyzed Vulnerability Status updated