Is CVE-2020-8635 actively exploited?

CVE-2020-8635 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-8635?

CVE-2020-8635 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2020-8635?

Patch guidance is available from wftpserver security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-8635.

Fix CVE-2020-8635 - HIGH wftpserver wing ftp server

Q: Which products are affected by CVE-2020-8635?

3 products: wftpserver wing ftp server, wftpserver wing ftp server, wftpserver wing ftp server.

Description

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-732 · Incorrect Permission Assignment

Metadata

Primary Vendor: WFTPSERVER
Published: 3/7/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

wftpserver : wing_ftp_serverwftpserver : wing_ftp_serverwftpserver : wing_ftp_server

Remediation Guidance

Executive Summary

View on NIST NVD