Unrated severityNVD Advisory· Published Jan 14, 2020· Updated Aug 4, 2024
CVE-2020-5196
CVE-2020-5196
Description
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Cerberus FTP Server/Cerberus FTP Server Enterprise Editiondescription
- Range: <11.0.3, <10.0.18
Patches
Vulnerability mechanics
References
3- support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcementsmitrex_refsource_MISC
- www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/mitrex_refsource_MISC
- www.doyler.net/security-not-included/cerberus-ftp-vulnerabilitiesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.