Remote Code Execution Vulnerability in Ipswitch WS_FTP Server
CVE-2004-1885

Currently unrated

Key Information:

Vendor

Progress

Status
Ws Ftp Server
Vendor
CVE Published:
31 December 2004

What is CVE-2004-1885?

The Ipswitch WS_FTP Server 4.0.2 contains a vulnerability that allows remote authenticated users to execute arbitrary commands with SYSTEM privileges. This is achieved by using the SITE command to manipulate specific options in iFtpSvc. The flawed design of iftpmgr.exe can be exploited, leading to potential unauthorized access and control of the server environment for users who might exploit this flaw. This issue underscores the importance of securing server configurations and monitoring user activities.

References

http://marc.info/?l=bugtraq&m=108006581418116&w=2
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/15558
vdb-entryx_refsource_XF
http://secunia.com/advisories/11206
third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.