Path Traversal Vulnerability in MicroWorld eScan Corporate Edition and Management Console
CVE-2008-1221

Currently unrated

Key Information:

Vendor: Microworld Technologies
Status: Escan Server; Escan Management Console; Escan
Vendor: CVE Published:; 10 March 2008

🔔 Create Microworld Technologies Vulnerability Alert

What is CVE-2008-1221?

The absolute path traversal vulnerability in the FTP server of MicroWorld eScan Corporate Edition and eScan Management Console allows remote attackers to exploit the RETR (get) command. By providing a specially crafted absolute pathname, an attacker could gain unauthorized access to arbitrary files on the server, potentially compromising sensitive information. Organizations utilizing affected versions should implement mitigations and apply any available updates to secure their systems from such threats.

References

http://securityreason.com/securityalert/3723

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/29246

third-party-advisoryx_refsource_SECUNIA

http://aluigi.altervista.org/adv/escaz-adv.txt

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2008
Vulnerability Reserved
Mar 10, 2008