CVE-2020-5196
First published: Tue Jan 14 2020(Updated: )
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cerberusftp Ftp Server | >=10.0.0<10.0.18 | |
| Cerberusftp Ftp Server | >=11.0.0<11.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cerberus FTP Server Enterprise Edition vulnerability?
The vulnerability ID for this Cerberus FTP Server Enterprise Edition vulnerability is CVE-2020-5196.
What is the severity rating of CVE-2020-5196?
The severity rating of CVE-2020-5196 is 8.1 (high).
Which versions of Cerberus FTP Server Enterprise Edition are affected by CVE-2020-5196?
Cerberus FTP Server Enterprise Edition versions prior to 11.0.3 and 10.0.18 are affected by CVE-2020-5196.
What are the potential consequences of CVE-2020-5196?
An authenticated attacker can create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.
How can I fix CVE-2020-5196 vulnerability in Cerberus FTP Server Enterprise Edition?
To fix CVE-2020-5196 vulnerability, you need to update Cerberus FTP Server Enterprise Edition to version 11.0.3 or 10.0.18.
- collector/nvd-index
- agent/event
- vendor/cerberusftp
- canonical/cerberusftp ftp server
- version/cerberusftp ftp server/10.0.0
- version/cerberusftp ftp server/11.0.0