Buffer Overflow Vulnerability in AceaXe Plus FTP Client
CVE-2019-19782

9.8CRITICAL

Key Information:

Vendor: Labf
Status: Aceaxe Plus
Vendor: CVE Published:; 13 December 2019

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-19782?

A buffer overflow vulnerability exists in the FTP client of AceaXe Plus version 1.0. This can be exploited when a long EHLO response is sent from an FTP server, potentially allowing unauthorized remote code execution. Organizations using this version are urged to apply patches and review their FTP configurations to mitigate risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-19782
Created by Underwood12

References

https://sketler.github.io/cve_research/AceaXeftp-RCE-Via-...

x_refsource_MISC

https://github.com/sketler/sketler.github.io/blob/master/...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 11, 2020
👾
Exploit known to exist
Jan 11, 2020
Vulnerability published
Dec 13, 2019
Vulnerability Reserved
Dec 13, 2019

CVE-2019-19782 Data

JSON

Labf

Badges

What is CVE-2019-19782?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline