Heap Overflow Vulnerability in Xlight FTP Server
CVE-2024-46483
Key Information:
- Vendor
Xlight
- Vendor
- CVE Published:
- 22 October 2024
Badges
What is CVE-2024-46483?
The vulnerability CVE-2024-46483 affects Xlight FTP Servers and is a critical pre-authentication heap overflow vulnerability. It impacts both 32-bit and 64-bit versions of the software and has a CVSS score of 9.8. The vulnerability allows an unauthenticated attacker to achieve code execution or cause a denial of service. There is a proof-of-concept available for this vulnerability, and organizations are advised to update their systems immediately. The impact of the vulnerability varies depending on the version of Xlight, with 32-bit versions being more susceptible to code execution and 64-bit versions causing potential crashes. Users are strongly recommended to install updates and upscale monitoring and detection capabilities to identify any related suspicious activity. Patching appliances or software to the newest version may provide safety from future exploitation, but does not remediate historic compromise.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
WARNING: CRITICAL PRE-AUTHENTICATION HEAP OVERFLOW VULNERABILITY IN XLIGHT FTP SERVERS, PATCH IMMEDIATELY!
The vulnerability arises from a heap overflow in Xlight’s SFTP protocol implementation.
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰
First article discovered by | Cert
Vulnerability published
- 🟡
Public PoC available
- 👾
Exploit known to exist