CVE-2019-5429

DEB

High

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's ho…

CVSS

7.8

High

EPSS

0.02

p82

Published

2019-01-01

Updated

2019-01-01

Description

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

Tags · CWE

CWE-426

CAPEC-38

Affected products

FilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezillaFilezilla

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2019-01-01

Published

2019-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.025 · p82

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1574.007Path Interception by PATH Environment Variable

└ via CAPEC-38 · CWE-426

T1574.009Path Interception by Unquoted Path

└ via CAPEC-38 · CWE-426

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Debian

Debian Linux Filezilla

Product	Vendor	Status
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked
filezilla		Tracked

Showing first 20 of 23

Source databases

DEB

CVE

UBU