Insecure Default Permissions in Wing FTP Server <= 7.2.0
CVE-2023-37878

6.1MEDIUM

Key Information:

Vendor

Wing Ftp Server

Status
Wing Ftp Server
Vendor
CVE Published:
12 September 2023

What is CVE-2023-37878?

Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.

Affected Version(s)

Wing FTP Server <= 7.2.0

References

https://www.wftpserver.com/serverhistory.htm

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thomas Felder
.