nvd-json-data-feeds/CVE-2020/CVE-2020-51xx/CVE-2020-5196.json

{
  "id": "CVE-2020-5196",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-01-14T14:15:11.657",
  "lastModified": "2024-11-21T05:33:39.630",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission."
    },
    {
      "lang": "es",
      "value": "Cerberus FTP Server Enterprise Edition versiones anteriores a 11.0.3 y 10.0.18, permite a un atacante autenticado crear archivos, mostrar archivos ocultos, enumerar directorios y listar  archivos sin el permiso para comprimir y descargar (o descomprimir y cargar) archivos. Existen varias maneras de omitir determinados permisos utilizando las funcionalidades de descompresi\u00f3n y descompresi\u00f3n. Como resultado, los usuarios sin permiso pueden visualizar archivos, carpetas y archivos ocultos, y pueden crear directorios sin permiso."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "baseScore": 5.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "10.0.0",
              "versionEndExcluding": "10.0.18",
              "matchCriteriaId": "EFF5C67B-51D9-4697-A074-774EE8862C23"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cerberusftp:ftp_server:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.0.0",
              "versionEndExcluding": "11.0.3",
              "matchCriteriaId": "2117BBC5-1552-46A0-BCD6-C7352F8D5271"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}