Skip to content

Latest commit

 

History

History
 
 

CVE-2019-16864

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

CVE‑2019‑16864: CompleteFTP Server Authenticated Remote Command Execution

Information

Description: This vulnerability allows Remote Command Execution with SYSTEM privileges for any authenticated user with a Windows local or domain account on the target host. The is possible because of the "exec" command available in via SSH which always executes as SYSTEM regardless of the privileges of the logged in user. CompleteFTP Server versions prior to 12.1.4 are vulnerable to this attack by any level of Windows user. As of version 12.1.4, the "exec" command limited to Windows Administrator accounts.
Versions Affected: < 12.1.4
Researcher: Robert Fisher (https://twitter.com/be0vlk @be0vlk)
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16864
Vendor Disclosure: https://enterprisedt.com/products/completeftp/doc/guide/html/history.html

Proof-of-Concept Exploit

Description

The attacker needs an account on the target system with SSH enabled. Exploitation is as simple as logging in and using the "exec" command to execute any arbitrary command as SYSTEM.

Usage/Exploitation

You must have the Paramiko library for Python installed. Run the exploit from the attacking machine using arguments as follows:

python cve-2019-16864.py 192.168.1.1 username password

PoC