Vulnerability Details : CVE-2019-16116
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
Products affected by CVE-2019-16116
- cpe:2.3:a:enterprisedt:completeftp_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-16116
0.65%: probability of exploitation activity in the next 30 days
~ 80%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-16116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2019-16116
- The product uses a broken or risky cryptographic algorithm or protocol. Assigned by: nvd@nist.gov (Primary)
- Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-16116
- https://enterprisedt.com/products/completeftp/doc/guide/html/history.html
  CompleteFTP revision history. Release Notes; Vendor Advisory
- https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/
  CompleteFTP Server Local Privilege Escalation CVE-2019-16116. Exploit; Third Party Advisory