Vulnerability Details : CVE-2023-38960
Potential exploit
Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.
Vulnerability category: Execute code
Products affected by CVE-2023-38960
- cpe:2.3:a:raidenftpd:raidenftpd:2.4.4005:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-38960
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-38960
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.3
|
5.9
|
NIST | 2024-10-21 |
CWE ids for CVE-2023-38960
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-38960
-
https://rodelllemit.medium.com/insecure-permissions-vulnerability-in-raidenftpd-v2-4-build-4005-2016-04-01-ea7389be3d33
Insecure Permission vulnerability in RaidenFTPD v2.4 build 4005 (2016/04/01) | by @ro0taddict | Feb, 2024 | MediumExploit;Third Party Advisory
Jump to