ArGoSoft FTP Server .lnk Shortcut Upload Arbitrary File Manipulation

high Nessus Plugin ID 15623

Synopsis

The remote FTP server is affected by an unauthorized access issue.

Description

The remote host is running ArGoSoft FTP Server.

It is reported that ArGoSoft FTP Server is prone to an attack that allows link upload. An attacker, exploiting this flaw, may be able to have read and write access to any files and directories on the FTP server.

Solution

Upgrade to ArGoSoft FTP 1.4.2.2 or later.

Plugin Details

Severity: High

ID: 15623

File Name: argosoft_ftp_shortcut.nasl

Version: 1.19

Type: remote

Family: FTP

Published: 11/4/2004

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/1/2004

Reference Information

CVE: CVE-2004-2672

BID: 11589