CVE-2024-9999

Nov. 13, 2024, 5:01 p.m.

6.5
Medium

Description

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Product(s) Impacted

Product Versions
WS_FTP Server
  • ['before 8.8.9']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-303
Incorrect Implementation of Authentication Algorithm
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2024
https://www.progress.com/ftp-server

Tags

security@progress.com
CWE-303
2024-11-12
CVE-2024-9999

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    View Vector String

Timeline

Published: Nov. 12, 2024, 5:15 p.m.
Last Modified: Nov. 13, 2024, 5:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@progress.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.