Vulnerability Details CVE-2022-41985
An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.8%
CVSS Severity
CVSS v3 Score 8.6
References
- https://github.com/weston-embedded/uC-FTPs/pull/1
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680
- https://github.com/weston-embedded/uC-FTPs/pull/1
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680
Products affected by CVE-2022-41985
-
cpe:2.3:a:weston-embedded:uc-ftps:1.98.00