CVE-2020-9470

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.

CVSS v3 7.8 HIGH
CVSS v2.0 6.9 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-07 01:15

Updated : 2024-02-04 20:39

NVD link : CVE-2020-9470

Mitre link : CVE-2020-9470

CVE.ORG link : CVE-2020-9470

JSON object : View

Products Affected

wftpserver

wing_ftp_server

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2020-9470", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-03-07T01:15:15.597", "references": [{"url": "https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Wing FTP Server versi\u00f3n 6.2.5, antes de Febrero de 2020. Debido a permisos no seguros cuando se manejan las cookies de sesi\u00f3n, un usuario local puede visualizar el contenido de los directorios session y session_admin, que exponen las cookies de sesi\u00f3n activas dentro de la interfaz Wing FTP HTTP y el panel de administraci\u00f3n. Estas cookies pueden ser usadas para secuestrar sesiones de usuario y administrativas, incluyendo la capacidad de ejecutar comandos Lua como root dentro del panel de administraci\u00f3n."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04B1FA93-C9F9-499A-ADB7-012BC12464E3", "versionEndIncluding": "6.2.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}