CVE-2019-12815
published 2019-07-19CVE-2019-12815: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
57.61%
99.0th percentile
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.6-6 (bookworm) | proftpd-dfsg 1.3.6-6 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| proftpd | proftpd | <= 1.3.5b | — |
| siemens | simatic_cp_1543-1_firmware | >= 2.0 < 2.2 | 2.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring FTP traffic for CPFR and CPTO command sequences issued by unauthenticated or anonymous users, which are the attack primitives for CVE-2019-12815. ↗
- →Flag ProFTPD installations with anonymous user access enabled, as this configuration allows unauthenticated exploitation of mod_copy via CPFR/CPTO commands. ↗
- →Source installs of ProFTPD from proftpd.org have anonymous user access enabled by default, making them immediately exploitable without credentials; flag these deployments. ↗
- →Identify vulnerable ProFTPD versions: mod_copy was included by default starting with version 1.3.4; all versions from 1.3.4 through at least 1.3.6 are affected. ↗
- →For Siemens SIMATIC CP 1543-1, monitor FTP traffic on port 21/TCP; the embedded ProFTPD FTP server is vulnerable to CVE-2019-12815 in all versions starting at 2.0 and prior to 2.2. ↗
- ·ProFTPD 1.3.6 is also affected and does NOT contain the fix despite some reports; there was no patched release version available at time of disclosure. ↗
- ·EPEL-6 ships proftpd 1.3.3g which does NOT include mod_copy and is therefore not affected by this vulnerability. ↗
- ·The Siemens SIMATIC CP 1543-1 embedded FTP server is disabled in the default configuration; exploitation requires the FTP server to be explicitly enabled. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL
vendor_debian10.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC CP 1543-1
cisa_ics·2020-02-11·CVSS 9.8
[CRITICAL] Siemens SIMATIC CP 1543-1
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC CP 1543-1
Last RevisedFebruary 11, 2020
Alert CodeICSA-20-042-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SIMATIC CP 1543-1
- Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure without authentication, or unauthenticated denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versi
Debian
CVE-2019-12815: proftpd-dfsg - An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows ...
vendor_debian·2019·CVSS 10.0
CVE-2019-12815 [CRITICAL] CVE-2019-12815: proftpd-dfsg - An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows ...
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
Scope: local
bookworm: resolved (fixed in 1.3.6-6)
bullseye: resolved (fixed in 1.3.6-6)
forky: resolved (fixed in 1.3.6-6)
sid: resolved (fixed in 1.3.6-6)
trixie: resolved (fixed in 1.3.6-6)
GHSA
GHSA-f989-xw5v-4w5p: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1
ghsa_unreviewed·2022-05-24·CVSS 10.0
CVE-2019-12815 [CRITICAL] CWE-755 GHSA-f989-xw5v-4w5p: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
OSV
CVE-2019-12815: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1
osv·2019-07-19·CVSS 10.0
CVE-2019-12815 [CRITICAL] CVE-2019-12815: An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [epel-all]
bugzilla·2019-07-23·CVSS 9.8
CVE-2019-12815 [CRITICAL] CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [epel-all]
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [fedora-all]
bugzilla·2019-07-23·CVSS 9.8
CVE-2019-12815 [CRITICAL] CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [fedora-all]
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects
Bugzilla
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution
bugzilla·2019-07-23·CVSS 10.0
CVE-2019-12815 [CRITICAL] CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution
CVE-2019-12815 proftpd: file copy vulnerability in mod_copy allows for remote code execution
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to (is facilitated by) CVE-2015-3306.
Upstream Issue:
http://bugs.proftpd.org/show_bug.cgi?id=4372
Upstream Patch:
https://github.com/proftpd/proftpd/pull/816
Discussion:
Created proftpd tracking bugs for this issue:
Affects: epel-all [bug 1732367]
Affects: fedora-all [bug 1732366]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Tenable
CVE-2019-12815: Improper Access Control Vulnerability in ProFTPD Disclosed
blogs_tenable·2019-07-23·CVSS 9.8
[CRITICAL] CVE-2019-12815: Improper Access Control Vulnerability in ProFTPD Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://bugs.proftpd.org/show_bug.cgi?id=4372http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.htmlhttp://www.securityfocus.com/bid/109339https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdfhttps://github.com/proftpd/proftpd/pull/816https://lists.debian.org/debian-lts-announce/2019/08/msg00006.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/https://seclists.org/bugtraq/2019/Aug/3https://security.gentoo.org/glsa/201908-16https://tbspace.de/cve201912815proftpd.htmlhttps://www.debian.org/security/2019/dsa-4491http://bugs.proftpd.org/show_bug.cgi?id=4372http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.htmlhttp://seclists.org/fulldisclosure/2024/Aug/35http://www.securityfocus.com/bid/109339https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdfhttps://github.com/proftpd/proftpd/pull/816https://lists.debian.org/debian-lts-announce/2019/08/msg00006.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/https://seclists.org/bugtraq/2019/Aug/3https://security.gentoo.org/glsa/201908-16https://tbspace.de/cve201912815proftpd.htmlhttps://www.debian.org/security/2019/dsa-4491
2019-07-19
Published