eScan Server Management Console (eserv.exe) FTP Server Arbitrary File Download

medium Nessus Plugin ID 31357

Synopsis

The remote FTP server is affected by a directory traversal vulnerability.

Description

The version of eScan Management Console / eScan Server installed on the remote host includes an FTP server that is affected by a directory traversal vulnerability. By leveraging this issue, an unauthenticated, remote attacker can retrieve files on the same drive as the application.

Solution

Unknown at this time.

See Also

http://aluigi.altervista.org/adv/escaz-adv.txt

https://seclists.org/fulldisclosure/2008/Mar/107

Plugin Details

Severity: Medium

ID: 31357

File Name: escan_ftp_dir_traversal.nasl

Version: 1.17

Type: remote

Family: FTP

Published: 3/7/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: ftp/login, ftp/password

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-1221

BID: 28127

CWE: 22

Secunia: 29246