Details of VAR-199902-0016

ID

VAR-199902-0016

CVE

CVE-1999-1171

TITLE

IPswitch WS_FTP Service privilege expansion vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

DESCRIPTION

IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. A security vulnerability exists in IPswitch WS_FTP

Trust: 1.26

sources: NVD: CVE-1999-1171 // BID: 218 // VULHUB: VHN-1152

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail	scope:	eq	version:	5.0	Trust: 1.9
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.1.e	Trust: 1.0
vendor:	progress	model:	ws ftp server	scope:	eq	version:	1.0.2.e	Trust: 1.0
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.2.e	Trust: 0.6
vendor:	ipswitch	model:	ws ftp server	scope:	eq	version:	1.0.1.e	Trust: 0.6
vendor:	ipswitch	model:	ws ftp server eval	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	ipswitch	model:	ws ftp server eval	scope:	eq	version:	1.0.1	Trust: 0.3

sources: BID: 218 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1171
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-199902-007
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1152
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-1999-1171
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1152
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1152 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1171

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1152

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1171	Trust: 2.0
db:	BID	id:	218	Trust: 2.0
db:	CNNVD	id:	CNNVD-199902-007	Trust: 0.7
db:	EXPLOIT-DB	id:	19167	Trust: 0.1
db:	VULHUB	id:	VHN-1152	Trust: 0.1

sources: VULHUB: VHN-1152 // BID: 218 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

REFERENCES

url:	http://www.securityfocus.com/bid/218	Trust: 1.7
url:	http://marc.info/?l=ntbugtraq&m=91816507920544&w=2	Trust: 1.6
url:	http://marc.info/?l=ntbugtraq&m=91816507920544&w=2	Trust: 0.1

sources: VULHUB: VHN-1152 // CNNVD: CNNVD-199902-007 // NVD: CVE-1999-1171

CREDITS

Marc

Trust: 0.6

sources: CNNVD: CNNVD-199902-007

SOURCES

db:	VULHUB	id:	VHN-1152
db:	BID	id:	218
db:	CNNVD	id:	CNNVD-199902-007
db:	NVD	id:	CVE-1999-1171

LAST UPDATE DATE

2024-08-14T14:48:22.751000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1152	date:	2019-08-13T00:00:00
db:	BID	id:	218	date:	2009-07-11T00:16:00
db:	CNNVD	id:	CNNVD-199902-007	date:	2020-01-02T00:00:00
db:	NVD	id:	CVE-1999-1171	date:	2023-10-11T14:45:44.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1152	date:	1999-02-02T00:00:00
db:	BID	id:	218	date:	1999-02-04T00:00:00
db:	CNNVD	id:	CNNVD-199902-007	date:	1999-02-02T00:00:00
db:	NVD	id:	CVE-1999-1171	date:	1999-02-02T05:00:00