First published: Tue Jun 11 2019(Updated: )
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ipswitch Ws Ftp Server | <8.6.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12146 is a Directory Traversal issue discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1.
The severity of CVE-2019-12146 is critical with a CVSS score of 9.1.
CVE-2019-12146 affects Ipswitch WS FTP Server 2018 before version 8.6.1.
Attackers can abuse the SCP listener by crafting strings with specific patterns to write files and create directories outside of their authorized directory.
Yes, a fix is available for CVE-2019-12146. Users should update their Ipswitch WS FTP Server to version 8.6.1 or later.