ID

VAR-199902-0016


CVE

CVE-1999-1171


TITLE

IPswitch WS_FTP Service privilege expansion vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

DESCRIPTION

IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. A security vulnerability exists in IPswitch WS_FTP

Trust: 1.26

sources: NVD: CVE-1999-1171 // BID: 218 // VULHUB: VHN-1152

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.9

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 1.0

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.1

Trust: 0.3

sources: BID: 218 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1171
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199902-007
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1152
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1171
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1152
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1152 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1171

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1152

EXTERNAL IDS

db:NVDid:CVE-1999-1171

Trust: 2.0

db:BIDid:218

Trust: 2.0

db:CNNVDid:CNNVD-199902-007

Trust: 0.7

db:EXPLOIT-DBid:19167

Trust: 0.1

db:VULHUBid:VHN-1152

Trust: 0.1

sources: VULHUB: VHN-1152 // BID: 218 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

REFERENCES

url:http://www.securityfocus.com/bid/218

Trust: 2.7

url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2

Trust: 2.6

url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2

Trust: 0.1

sources: VULHUB: VHN-1152 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

CREDITS

Marc

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

SOURCES

db:VULHUBid:VHN-1152
db:BIDid:218
db:CNNVDid:CNNVD-199902-007
db:NVDid:CVE-1999-1171

LAST UPDATE DATE

2024-11-22T23:11:45.613000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1152date:2019-08-13T00:00:00
db:BIDid:218date:2009-07-11T00:16:00
db:CNNVDid:CNNVD-199902-007date:2020-01-02T00:00:00
db:NVDid:CVE-1999-1171date:2024-11-20T23:30:28.787

SOURCES RELEASE DATE

db:VULHUBid:VHN-1152date:1999-02-02T00:00:00
db:BIDid:218date:1999-02-04T00:00:00
db:CNNVDid:CNNVD-199902-007date:1999-02-02T00:00:00
db:NVDid:CVE-1999-1171date:1999-02-02T05:00:00