CVE-2022-22836

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509	Release Notes Vendor Advisory
https://yoursecuritybores.me/coreftp-vulnerabilities/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:coreftp:core_ftp::::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_639::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_640::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_641::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_642::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_645::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_647::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_649::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_651::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_653::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_655::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_656::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_657::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_658::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_659::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_665::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_667::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_668::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_671::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_673::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_674::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_676::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_677::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_679::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_682::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_687::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_689::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_691::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_694::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_695::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_697::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_699::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_702::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_704::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_705::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_711::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_713::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_715::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_719::::::
	cpe:2.3:a:coreftp:core_ftp:2.0:build_725::::::

History

19 Jan 2022, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 6.5
CPE		cpe:2.3:a:coreftp:core_ftp:2.0:build_640:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_695:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_647:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_711:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_699:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_697:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_702:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_657:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_725:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_671:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_674:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_677:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_645:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_687:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_668:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_658:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_665:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_691:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_655:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_704:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_639:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_694:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_656:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_713:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_659:::::: cpe:2.3:a:coreftp:core_ftp:::::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_651:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_642:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_653:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_715:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_641:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_705:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_719:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_689:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_673:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_682:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_667:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_676:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_679:::::: cpe:2.3:a:coreftp:core_ftp:2.0:build_649::::::
CWE		CWE-22
References	~~(MISC) https://yoursecuritybores.me/coreftp-vulnerabilities/ -~~	(MISC) https://yoursecuritybores.me/coreftp-vulnerabilities/ - Exploit, Third Party Advisory
References	~~(MISC) http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509 -~~	(MISC) http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509 - Release Notes, Vendor Advisory

10 Jan 2022, 14:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-10 14:12

Updated : 2024-02-04 22:08

NVD link : CVE-2022-22836

Mitre link : CVE-2022-22836

CVE.ORG link : CVE-2022-22836

JSON object : View

Products Affected

coreftp

core_ftp

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-22836

6.5^/10

4.0^/10

Attach tags to `CVE-2022-22836`