CVE-2024-46483

Published Oct 22, 2024

Last updated 25 days ago

Overview

Description: Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-190

Social media

Hype score
Not currently trending
  1. Xlight FTP Server vulnerability CVE-2024-46483 (CVSS 9.8) fixed: PoC also published https://t.co/ffqBuNebWY #DoS #Exploit #FTP #RCE #SFTP #Vulnerability #Windows #Xlight

    @iototsecnews

    6 Nov 2024

    68 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. CVE-2024-46483: Pre-Auth Heap Overflow in Xlight SFTP server https://t.co/PBOlR0MbJb 2. CVE-2024-38812: VMWare vCenter Server DCERPC https://t.co/X88bk1DndK 3. CVE-2024-6473: Yandex Browser <24.7.1.380 DLL Hijacking https://t.co/bmugQBfCvJ

    @ksg93rd

    3 Nov 2024

    100 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨Alert🚨CVE-2024-46483 (CVSS 9.8): Pre-Authentication Heap Overflow in Xlight SFTP server <= 3.9.4.2 🔥PoC: https://t.co/l6dK8eQ3Vf 📊 7K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/RRZ0OXozr6 👇Query HUNTER:/product.name="Xlight ftp

    @HunterMapping

    30 Oct 2024

    3663 Impressions

    20 Retweets

    59 Likes

    20 Bookmarks

    4 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published Affect Xlight SFTP server <= 3.9.4.2 🔥PoC: https://t.co/zKPXdwqGci 🎯33k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA… https://t.co/6byjh9

    @fofabot

    29 Oct 2024

    1870 Impressions

    10 Retweets

    26 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2024-46483: Integer Overflow in Xlight FTP Server, 9.8 rating 🔥 By overflowing the variable, an attacker could cause remote code execution or a DoS. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/8Vi8RXCiUv #cybersecurity #vulnerability_map #xkight https://t.co/

    @Netlas_io

    29 Oct 2024

    353 Impressions

    1 Retweet

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨🚨CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published ⚠The flaw affects Xlight versions 3.9.4.2 and earlier for both 32-bit and 64-bit architectures, allowing unauthenticated attackers to achieve remote code execution or… http

    @zoomeye_team

    29 Oct 2024

    805 Impressions

    4 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published https://t.co/fzZCdsmcP0

    @Dinosn

    29 Oct 2024

    3961 Impressions

    27 Retweets

    84 Likes

    18 Bookmarks

    0 Replies

    1 Quote

  8. CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published Learn about the critical security vulnerability CVE-2024-46483 affecting Xlight SFTP server, and how it allows remote code execution or DoS https://t.co/UUOgUQETAt

    @the_yellow_fall

    29 Oct 2024

    901 Impressions

    3 Retweets

    19 Likes

    4 Bookmarks

    0 Replies

    0 Quotes