First published: Tue Jun 11 2019(Updated: )
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ipswitch Ws Ftp Server | <8.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-12144.
The severity of CVE-2019-12144 is critical with a CVSS score of 9.8.
The vulnerability allows attackers to abuse a path traversal vulnerability using the SCP protocol, potentially leading to remote code execution.
Progress ipswitch WS_FTP Server 2018 versions before 8.6.1 are affected by CVE-2019-12144.
To fix this vulnerability, it is recommended to update to version 8.6.1 or later of Progress ipswitch WS_FTP Server 2018.