Platform: nodejs
Component: ftp-srv
Fixed in: 1.0.1, 3.0.1, 4.0.1, 2.19.6
CVE-2020-15152 is a critical Remote Code Execution (RCE) vulnerability affecting the ftp-srv module in Node.js. This vulnerability arises from improper handling of the PORT command, allowing attackers to manipulate the server's connection target. Versions of ftp-srv prior to 2.19.6 are vulnerable. A fix has been released in version 2.19.6.
The ftp-srv module's vulnerability stems from improper handling of the PORT command in the FTP protocol. The PORT command, typically used by the client to specify the IP address and port for the server to connect back to, allows an attacker to inject a malicious IP address. This can be exploited to force the FTP server to establish a connection to a server controlled by the attacker, potentially leading to remote code execution. Successful exploitation could allow an attacker to gain complete control of the affected server, exfiltrate sensitive data, or launch further attacks against other systems on the network. This vulnerability shares similarities with other FTP-related vulnerabilities where improper input validation leads to arbitrary connection establishment.
CVE-2020-15152 was publicly disclosed on August 17, 2020. While no active exploitation campaigns have been definitively linked to this specific CVE, the RCE nature of the vulnerability makes it a high-priority target. There are publicly available proof-of-concept exploits demonstrating the vulnerability's exploitability. The vulnerability is not currently listed on CISA KEV.
Applications built on Node.js that utilize the ftp-srv module for FTP functionality are at risk. This includes custom-built applications, as well as those relying on older or unmaintained Node.js packages. Shared hosting environments where users have the ability to install or modify Node.js modules are particularly vulnerable.
• nodejs / server:
    ps aux | grep ftp-srv
    netstat -tulnp | grep :21   # Check for FTP connections
• linux / server:
    journalctl -u nodejs -f | grep PORT
    auditctl -l   # Check for audit rules related to FTP connections
• generic web:
    curl -I http://your-ftp-server/ | grep Server   # Check for ftp-srv version disclosure
EPSS: 0.22% (44th percentile)
The primary mitigation for CVE-2020-15152 is to upgrade the ftp-srv module to version 2.19.6 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting outbound connections from the FTP server using a firewall or intrusion prevention system. Additionally, carefully review and restrict the permissions granted to the FTP user account to minimize the potential impact of a successful exploit. Monitor FTP server logs for suspicious connection attempts or unusual activity. After upgrading, confirm the fix by attempting a PORT command with a non-routable IP address; the server should reject the connection.
Update the ftp-srv package to version 2.19.6, 3.1.2, or 4.3.4 or later. This fixes the Server-Side Request Forgery (SSRF) vulnerability in the PORT command. Alternatively, you can block the PORT command via the FTP server configuration.
CVE-2020-15152 is a critical Remote Code Execution vulnerability in the Node.js ftp-srv module, allowing attackers to execute arbitrary code on the server by manipulating the PORT command.
You are affected if you are using a version of Node.js ftp-srv prior to 2.19.6. Check your installed version and upgrade immediately.
Upgrade to version 2.19.6 or later of the ftp-srv module. If upgrading is not possible, implement temporary workarounds like restricting outbound connections.
While no confirmed active campaigns are publicly known, the CRITICAL severity and available proof-of-concept exploits suggest a potential for exploitation.
Refer to the Node.js security advisories and the ftp-srv module's repository for detailed information and updates: https://nodejs.org/en/security/ and https://github.com/adrianleon/node-ftp-srv