1. Home
  2. CVE Database
  3. CVE-2020-9470
HIGH · 7.8

CVE-2020-9470

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin di...

Vulnerability Description

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
WftpserverWing Ftp Server<= 6.2.5

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2020-9470?

CVE-2020-9470 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin di...

How severe is CVE-2020-9470?

CVE-2020-9470 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9470?

Check the references section above for vendor advisories and patch information. Affected products include: Wftpserver Wing Ftp Server.