CVE-2021-41635

Published: Jun 24, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.

Affected (1)

Products: Melag: Ftp Server

Melag

1 product

Ftp Server

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Melag Ftp Server	Version 2.2.0.4

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.