Skip to content

Latest commit

 

History

History

CVE-2019-16116

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

CVE‑2019‑16116: CompleteFTP Server Local Privilege Escalation

Information

Description: This vulnerability allows hijacking the CompleteFTP administrator account which then leads to code execution with "SYSTEM" privileges. CompleteFTP Server versions prior to 12.1.3 are vulnerable to this attack.
Versions Affected: < 12.1.3
Researcher: Robert Fisher (https://twitter.com/be0vlk @be0vlk)
Disclosure Link: https://rhinosecuritylabs.com/application-security/completeftp-server-local-privesc-cve-2019-16116/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16116
Vendor Disclosure: https://enterprisedt.com/products/completeftp/doc/guide/html/history.html

Proof-of-Concept Exploit

Description

The attacker needs read access to the server install directory, which is default. The exploit obtains the administrator encrypted passphrase from the log file and uses it to login to the management interface as the administrator. To escalate the attack, you will need to navigate to the "Process Triggers" section of the interface where you will be able to input your arbitrary code to be executed as "SYSTEM".

Usage/Exploitation

Run the exploit from a standard user account on Windows where CompleteFTP Server is installed.

PoC