Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-9999

Nov. 13, 2024, 5:01 p.m.

Tags

security@progress.com
CWE-303
2024-11-12
CVE-2024-9999

CVSS Score

6.5 / 10

Product(s) Impacted

WS_FTP Server

  • before 8.8.9

Description

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Weaknesses

CWE-303
Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

CWE ID: 303

Date

Published: Nov. 12, 2024, 5:15 p.m.

Last Modified: Nov. 13, 2024, 5:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@progress.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score
6.5
Exploitability Score
1.2
Impact Score
5.2
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

References

https://community.progress.com/ security@progress.com
https://www.progress.com/ security@progress.com