CVE-2001-1043
Published 2001-07-01
CVE-2001-1043: ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
Priority: P425, high, 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 3.32% (87.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| argosoft | ftp_server | — | — |
CVSS provenance
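| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |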
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
CWE-64: Windows Shortcut Following (.LNK)
Source: mitre_cwe · CVSS 7.5 · HIGH
The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Modes of Introduction:
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories. The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.
Potential Mitigations:
[Architecture and Design] Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent a
CWE
CWE-59: Improper Link Resolution Before File Access ('Link Following')
Source: mitre_cwe
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Background: Soft links are a UNIX term that is synonymous with simple shortcuts on Windows-based platforms.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity, Access Control. Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpe
http://www.osvdb.org/1886
http://www.securityfocus.com/archive/1/194445
http://www.securityfocus.com/bid/2961
https://exchange.xforce.ibmcloud.com/vulnerabilities/6760
Published: 2001-07-01