CVE-2015-7603
published 2015-09-29CVE-2015-7603: Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR…
PriorityP264high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
60.68%
99.0th percentile
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| konicaminolta | ftp_utility | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect FTP RETR commands containing directory traversal sequences ('..\' or '..//') targeting Konica Minolta FTP Utility 1.0 ↗
- →Monitor FTP traffic for RETR commands with traversal strings such as '..//' which are the specific payload patterns used by the Metasploit module for this CVE ↗
- ·Vulnerability is specific to Konica Minolta FTP Utility version 1.0 only; other versions are not confirmed affected ↗
- ·The Metasploit module is classified as an auxiliary scanner/information disclosure module, meaning exploitation requires no authentication and results in arbitrary file read from the server ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Konica Minolta FTP Utility 1.0 - Directory Traversal
exploitdb·2015-09-22
CVE-2015-7603 Konica Minolta FTP Utility 1.0 - Directory Traversal
Konica Minolta FTP Utility 1.0 - Directory Traversal
---
/*
Konica Minolta FTP Utility directory traversal vulnerability
Url: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
Poc: http://shinnai.altervista.org/exploits/SH-0024-20150922.html
*/
Metasploit
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
metasploit
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as '..//'
No writeups or analysis indexed.
2015-09-29
Published