CVE-2020-8635

HIGH

Wing FTP Server <6.2.3 - Privilege Escalation

Title source: llm

Description

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.

Exploits (2)

github WORKING POC 4 stars

by X1cT34m · cpoc

https://github.com/X1cT34m/CVE-and-PoC/tree/main/2020/CVE-2020-8635

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Al1ex · poc

https://github.com/Al1ex/CVE-2020-8635

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://www.hooperlabs.xyz/disclosures/cve-2020-8635.php

Scores

CVSS v3 7.8

EPSS 0.0365

EPSS Percentile 87.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

wftpserver/wing_ftp_server 6.2.3 (3 CPE variants)

Published Mar 07, 2020

Tracked Since Feb 18, 2026