File Permission Vulnerability in Wing FTP Server by Wing FTP
CVE-2020-8634

7.8HIGH

Key Information:

Vendor: Wftpserver
Status: Wing Ftp Server
Vendor: CVE Published:; 7 March 2020

What is CVE-2020-8634?

Wing FTP Server v6.2.3 poses a security risk due to inadequate file permissions granted to files modified through the HTTP file management interface. This flaw allows files to be unintentionally saved with permissions that make them world-readable and world-writable. If a sensitive file is edited in this manner, a low-privilege user could exploit this vulnerability to escalate their privileges to that of the root user, potentially leading to unauthorized access and control over critical system files.

References

https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2020
Vulnerability Reserved
Feb 5, 2020

Wftpserver

What is CVE-2020-8634?

References

CVSS V3.1

Timeline