Vulnerability Details CVE-2020-14057
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write
- https://www.monstaftp.com/notes/
- https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20191203-01_Monsta_FTP_Arbitrary_File_Read_and_Write
- https://www.monstaftp.com/notes/
Products affected by CVE-2020-14057
-
cpe:2.3:a:monstaftp:monsta_ftp:2.10
-
cpe:2.3:a:monstaftp:monsta_ftp:2.10.1
-
cpe:2.3:a:monstaftp:monsta_ftp:2.7
-
cpe:2.3:a:monstaftp:monsta_ftp:2.8
-
cpe:2.3:a:monstaftp:monsta_ftp:2.8.1
-
cpe:2.3:a:monstaftp:monsta_ftp:2.8.2
-
cpe:2.3:a:monstaftp:monsta_ftp:2.9
-
cpe:2.3:a:monstaftp:monsta_ftp:2.9.1
-
cpe:2.3:a:monstaftp:monsta_ftp:2.9.2
-
cpe:2.3:a:monstaftp:monsta_ftp:2.9.3