First published: Tue Jan 14 2020
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cerberusftp Ftp Server | >=10.0.0 <10.0.18 | |
Cerberusftp Ftp Server | >=11.0.0 <11.0.3 | |
The vulnerability ID for this Cerberus FTP Server Enterprise Edition vulnerability is CVE-2020-5196.
The severity rating of CVE-2020-5196 is 8.1 (high).
Cerberus FTP Server Enterprise Edition versions prior to 11.0.3 and 10.0.18 are affected by CVE-2020-5196.
An authenticated attacker can create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.
To fix the CVE-2020-5196 vulnerability, update Cerberus FTP Server Enterprise Edition to version 11.0.3 or 10.0.18.