Vulnerability Details CVE-2017-6465
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.275
EPSS Ranking 96.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/141456/FTPShell-Client-6.53-Buffer-Overflow.html
- http://www.securityfocus.com/bid/96570
- https://www.exploit-db.com/exploits/41511/
- http://packetstormsecurity.com/files/141456/FTPShell-Client-6.53-Buffer-Overflow.html
- http://www.securityfocus.com/bid/96570
- https://www.exploit-db.com/exploits/41511/
Products affected by CVE-2017-6465
-
cpe:2.3:a:ftpshell:ftpshell_client:6.53