HTTP: EnterpriseDT CompleteFTP Server HttpFile Arbitrary File Deletion
This signature detects attempts to exploit a known vulnerability against EnterpriseDT CompleteFTP Server. A successful attack can lead to elevation of privilege and arbitrary code execution.
Extended Description
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
Affected Products
Enterprisedt completeftp_server
Short Name
HTTP:CTS:ENTERPRISEDT-CFTP-FD
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2022-2560 CompleteFTP Deletion EnterpriseDT File HttpFile Server
Release Date
11/30/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3592
False Positive
Unknown
Vendors
Enterprisedt