CVE-2022-22836

Published Jan 10, 2022
Last updated 3 years ago
CVSS medium 6.5
Overview

Description: CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-22
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60FAB380-E311-42E7-AA7F-D3C59639FD36",
            "versionEndIncluding": "1.2"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_639:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9653F511-12E9-426B-BE06-6729639FAFF0"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_640:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2A66807-4441-4FCC-A8E2-470DA5D2CCBB"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_641:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2950665A-8C16-4192-96E1-055C95BB27C1"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_642:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0D479C3-F5BC-46AF-915B-5ED84AA055BE"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_645:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5932950-C5A6-4272-8393-0BA73CF30022"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_647:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17FE79D-062C-425E-8231-635A78E9F160"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_649:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D73D3CFE-CBBD-4D67-9AB6-C25124FFCB54"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_651:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17EF44EC-BD12-4BF9-AFD2-AE6946179066"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_653:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA10948B-CE3E-4DDD-99B1-AC5EBF028E1A"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_655:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA696B44-1F79-4B09-A54F-D2D44149C3F6"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_656:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E8F681-11EE-4644-8733-3C4866CA4C3B"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_657:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57162852-865D-4BBD-82A4-9EA3268FC69B"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_658:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EEC2B80-5948-48BD-A57C-17E0B838B13E"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_659:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "894F321E-1EBF-407C-8EEB-69E624553CEE"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_665:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FE817F-ED2E-4EED-B545-3D550F4F57E2"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_667:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA70A26B-9F94-44B0-97CA-AE30FD33622C"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_668:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0260895-35E1-4398-A22B-474CD1E51E30"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_671:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D2E89F-9345-459F-B795-8A0E52EE9E01"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_673:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3060984A-886B-4464-93E8-8C38B704D861"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_674:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38C91817-6753-4059-B5D4-0D986F21D967"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_676:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55B7F24A-12DA-441C-80AF-51577DABDF99"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_677:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D4BD882-AC61-4A52-AD4C-1C3232ABF1E8"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_679:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D30D7337-282B-4C80-A87A-ECEF03FA9D92"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_682:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6878F188-1B25-4B89-A741-75F4FB0B8179"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_687:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A33A6C0-0645-4C46-BAEC-B271D5398832"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_689:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96E1D730-65B7-4CD8-B444-9EC59FCD01C6"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_691:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "335DC8EF-68D4-425C-B225-D47FBB6DED0C"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_694:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "965ECA92-CE42-4BB4-929F-9FEBEE81EDB8"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_695:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC0FAAFF-6714-4719-A298-AD44E7719C08"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_697:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D25AF2E-03D3-4523-AEE3-2174FA8D0C68"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_699:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "042DAB6B-47EF-4DDB-87F0-167603240123"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_702:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243CC193-85CD-44B0-A63F-71BBFDF1D6AE"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_704:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49BC71E4-CE3A-450D-A2F0-36273701F895"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_705:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD233196-C6C3-4446-9D6E-814A45DB220D"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_711:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C3FEBA0-EC1F-49BD-8CF1-3E56BB6BED86"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_713:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE32CC8-D71A-40B3-A212-3FCF28F7B562"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_715:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D99AFB55-FDD5-4C6D-B272-4F3F49E50335"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_719:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA505FA6-6AC2-4C1E-BD91-68903E44C68B"
          },
          {
            "criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:build_725:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9179FEB3-2371-45A3-B544-3FC29DDB2C65"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
