CVE-2005-3057 — Fortinet Fortios vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.9%

top 16.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortigate

Timeline

PublishedDec 31

Latest updateMay 1

Description

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDfortinet/fortios2.8_mr10+1

▶NVDfortinet/fortigate2.8

🔴Vulnerability Details

GHSA

GHSA-xf9f-9v6p-v639: The FTP component in FortiGate 2↗2022-05-01

▶

CVEList

CVE-2005-3057: The FTP component in FortiGate 2↗2006-02-14

▶