Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
References
Link | Resource |
---|---|
https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-03-06 16:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-8635
Mitre link : CVE-2020-8635
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
wftpserver
- wing_ftp_server