Is CVE-2020-8634 actively exploited?

CVE-2020-8634 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-8634?

CVE-2020-8634 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2020-8634?

Patch guidance is available from wftpserver security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-8634.

Fix CVE-2020-8634 - HIGH wftpserver wing ftp server

Q: Which products are affected by CVE-2020-8634?

3 products: wftpserver wing ftp server, wftpserver wing ftp server, wftpserver wing ftp server.

Description

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-281

Metadata

Primary Vendor: WFTPSERVER
Published: 3/7/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

wftpserver : wing_ftp_serverwftpserver : wing_ftp_serverwftpserver : wing_ftp_server

Remediation Guidance

Executive Summary

View on NIST NVD