A security flaw in the file transfer server CompleteFTP allowed unauthenticated remote attackers to delete arbitrary files on vulnerable installations.
CompleteFTP is a proprietary file transfer server for Windows developed by EnterpriseDT of Australia that supports FTP, FTPS, SFTP, and HTTPS.
A security researcher known as rgod uncovered the problem in the HttpFile class: a user-supplied path is used in file operations without being properly validated first, the pattern behind directory-traversal bugs.
A security advisory explains, “This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”
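As an added illustration of the weakness class described above (this is not CompleteFTP's code and does not describe how its HttpFile handler is written), the following Python shows a hypothetical HTTP delete handler that joins a client-supplied path onto a served directory without validation, next to a hardened version that canonicalises the path and refuses anything that resolves outside the root. The directory layout, file names and function names are invented for the demonstration.

```python
"""Unvalidated user-supplied path in a file operation, vulnerable pattern
beside a hardened one. Added example; not CompleteFTP's code. All names
and the directory tree are constructed for the demonstration."""
import os
import tempfile
from pathlib import Path


def unsafe_target(root: str, user_path: str) -> str:
    """Vulnerable pattern: trust the client path and join it to the root.
    os.path.join discards `root` entirely if `user_path` is absolute, and
    it does nothing about '..' components, so the result may lie anywhere."""
    return os.path.join(root, user_path)


def safe_target(root: str, user_path: str) -> Path:
    """Hardened pattern: canonicalise both sides (resolving symlinks and
    '..'), then require the result to stay inside the served root."""
    root_real = Path(root).resolve(strict=True)
    # Treat the client value as relative even if it starts with a separator.
    candidate = (root_real / user_path.lstrip("/\\")).resolve(strict=False)
    try:
        # Raises ValueError when `candidate` is not beneath `root_real`;
        # this also catches symlinks inside the root that point outside it.
        candidate.relative_to(root_real)
    except ValueError:
        raise PermissionError(f"path escapes the served directory: {user_path!r}")
    return candidate


def handle_delete(root: str, user_path: str, *, hardened: bool) -> bool:
    """Hypothetical HTTP DELETE handler. Returns True if a file was removed."""
    if hardened:
        target = safe_target(root, user_path)
    else:
        target = Path(unsafe_target(root, user_path))
    if target.is_file():
        target.unlink()
        return True
    return False


def demo() -> dict:
    """Build a throwaway tree (constructed sample data) and show what each
    handler does with a traversal payload. Returns what happened."""
    base = Path(tempfile.mkdtemp())
    served = base / "www"
    served.mkdir()
    (served / "index.html").write_text("hello")
    outside = base / "outside.txt"  # sits next to, not under, the served root
    outside.write_text("should survive")
    results = {}

    # Vulnerable handler: '..' walks out of the root and the file is gone.
    results["unsafe_deleted_outside"] = handle_delete(
        str(served), "../outside.txt", hardened=False)
    results["outside_exists_after_unsafe"] = outside.exists()
    outside.write_text("should survive")

    # Hardened handler: the same request is rejected before any file I/O.
    try:
        handle_delete(str(served), "../outside.txt", hardened=True)
        results["safe_rejected"] = False
    except PermissionError:
        results["safe_rejected"] = True
    results["outside_exists_after_safe"] = outside.exists()

    # Hardened handler still honours a legitimate delete inside the root.
    results["safe_deleted_inside"] = handle_delete(
        str(served), "index.html", hardened=True)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in `safe_target` runs on the fully resolved path, not on the raw string, which is what defeats encoded or mixed separators, absolute paths and symlink tricks; a string search for `..` is not a substitute.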
The vulnerability was assigned CVE-2022-2560 and was addressed in CompleteFTP version 22.1.1.
Other security changes in that release include support for SHA-2 hash algorithms in RSA signatures and support for a new PuTTY private-key format.
A brief summary of the vulnerability:
- CVSS SCORE: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Note that this vector evaluates to 7.1 under the CVSS v3.1 formula; 8.2 is what the same metrics produce with changed scope (S:C), so the score and vector as reproduced here do not agree and the authoritative values should be taken from the advisory.
- AFFECTED VENDORS: EnterpriseDT
- AFFECTED PRODUCTS: CompleteFTP
- ADDITIONAL DETAILS: Fixed in version 22.1.1.