nvd-json-data-feeds/CVE-2021/CVE-2021-416xx/CVE-2021-41636.json

{
  "id": "CVE-2021-41636",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-06-24T12:15:08.113",
  "lastModified": "2022-07-05T14:15:55.163",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply."
    },
    {
      "lang": "es",
      "value": "MELAG FTP Server versi\u00f3n 2.2.0.4, permite a un atacante usar el comando CWD para salir del directorio root del servidor FTP y operar en todo el sistema operativo, mientras son aplicadas las restricciones de acceso del usuario que ejecuta el servidor FTP"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:melag:ftp_server:2.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A4A61A-BD6E-4547-9953-DC80557A253B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ]
    }
  ]
}