Backdoor Vulnerability in vsftpd 2.3.4 by Academy of Linux
CVE-2011-2523
Key Information:
- Vendor
- vsftpd
- Status
- vsftpd
- Vendor
- CVE Published:
- 27 November 2019
Badges
Summary
A serious backdoor vulnerability was discovered in vsftpd 2.3.4, affecting downloads made between June 30 and July 3, 2011. This vulnerability allows an attacker to exploit the software and open a remote shell on port 6200/tcp, granting unauthorized access to the system. It poses significant risks to servers using this version of vsftpd, as it can lead to complete system compromise if exploited.
Affected Version(s)
vsftpd 2.3.4 downloaded between 20110630 and 20110703
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved