Remote Code Execution Vulnerability in Ipswitch WS_FTP Server
CVE-2004-1885

Currently unrated

Key Information:

Vendor: Progress
Status: Ws Ftp Server
Vendor: CVE Published:; 31 December 2004

Summary

The Ipswitch WS_FTP Server 4.0.2 contains a vulnerability that allows remote authenticated users to execute arbitrary commands with SYSTEM privileges. This is achieved by using the SITE command to manipulate specific options in iFtpSvc. The flawed design of iftpmgr.exe can be exploited, leading to potential unauthorized access and control of the server environment for users who might exploit this flaw. This issue underscores the importance of securing server configurations and monitoring user activities.

References

http://marc.info/?l=bugtraq&m=108006581418116&w=2

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/15558

vdb-entryx_refsource_XF

http://secunia.com/advisories/11206

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Dec 31, 2004