Vulnerability Description
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ftpshell | Ftpshell Server | 6.83 |
Related Weaknesses (CWE)
References
- http://www.ftpshell.com/index.htm (Product)
- https://www.exploit-db.com/exploits/46685 (Exploit, Third Party Advisory, VDB Entry)
- https://www.vulncheck.com/advisories/ftp-shell-server-buffer-overflow-via-accoun (Third Party Advisory)
FAQ
What is CVE-2019-25619?
CVE-2019-25619 is a vulnerability with a CVSS score of 8.4 (HIGH). FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inj...
How severe is CVE-2019-25619?
CVE-2019-25619 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25619?
Check the references section above for vendor advisories and patch information. Affected products include: Ftpshell Ftpshell Server.