Platform
windows
Component
wing-ftp-server
Fixed in
6.2.7
CVE-2020-37079 describes a cross-site request forgery (CSRF) vulnerability affecting Wing FTP Server. This flaw allows attackers to potentially delete administrative user accounts without proper authorization, compromising server management. The vulnerability impacts versions of Wing FTP Server prior to 6.2.7 running on Windows systems. A patch is available in version 6.2.7.
The primary impact of this vulnerability is the unauthorized deletion of administrative user accounts within Wing FTP Server. An attacker could craft a malicious HTML page containing a hidden form that, when visited by an authenticated administrator, would submit a request to delete the administrator's own account. This effectively grants the attacker control over server administration, potentially leading to data breaches, configuration changes, or complete server compromise. While the vulnerability requires an authenticated administrator to be targeted, the ease of exploitation through CSRF makes it a significant risk.
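The server-side checks that defeat the forged request described above, as an added illustration (this is example code written for this page, not Wing FTP Server's code or its real endpoint paths): a POST to an account-management action is accepted only when its Origin or Referer belongs to the admin interface itself and when the form carries the per-session synchronizer token. The origin `ftp-admin.example.internal`, the path `/admin/delete_user` and the session ids are constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Origin the web administration interface is served from (constructed for this example).
ADMIN_ORIGIN = "https://ftp-admin.example.internal"

# Hypothetical state-changing admin action; this is NOT Wing FTP Server's real endpoint.
PROTECTED_PATHS = {"/admin/delete_user"}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for the example)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_id: str = ""


class CsrfGuard:
    """Rejects forged cross-site POSTs with two independent checks:
    1. Origin (or Referer) must belong to the admin interface itself.
    2. The form must carry the per-session synchronizer token, compared in constant time.
    """

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}  # session_id -> anti-CSRF token

    def issue_token(self, session_id: str) -> str:
        """Called when rendering a legitimate admin form; the token is embedded in that form."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    @staticmethod
    def _origin_ok(headers: dict) -> bool:
        # A browser attaches Origin (or at least Referer) to a form POST. A form
        # auto-submitted from a third-party page carries that page's origin, not ours.
        src = headers.get("Origin") or headers.get("Referer")
        if not src:
            return False
        parts = urlsplit(src)
        return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN

    def check(self, req: Request) -> tuple[bool, str]:
        """Return (allowed, reason). Only protected state-changing requests are gated."""
        if req.method.upper() != "POST" or req.path not in PROTECTED_PATHS:
            return True, "not a protected state-changing request"
        if not self._origin_ok(req.headers):
            return False, "origin/referer mismatch"
        expected = self._tokens.get(req.session_id, "")
        supplied = req.form.get("csrf_token", "")
        if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "missing or invalid csrf token"
        return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Exercise the guard with constructed requests against the hypothetical endpoint."""
    guard = CsrfGuard()
    token = guard.issue_token("sess-1")
    cases = {
        # Legitimate: submitted from our own page, carrying the session's token.
        "same_origin": Request("POST", "/admin/delete_user", {"Origin": ADMIN_ORIGIN},
                               {"user": "backup-admin", "csrf_token": token}, "sess-1"),
        # Forged: auto-submitted from an unrelated site the admin happened to visit.
        "cross_site": Request("POST", "/admin/delete_user", {"Origin": "https://blog.example.net"},
                              {"user": "backup-admin"}, "sess-1"),
        # Right origin but no token (e.g. a hand-built request or a stale page).
        "no_token": Request("POST", "/admin/delete_user", {"Referer": ADMIN_ORIGIN + "/admin/users"},
                            {"user": "backup-admin"}, "sess-1"),
        # A token replayed under a different session must not validate.
        "wrong_session": Request("POST", "/admin/delete_user", {"Origin": ADMIN_ORIGIN},
                                 {"user": "backup-admin", "csrf_token": token}, "sess-2"),
        # Read-only navigation is not gated at all.
        "read_only": Request("GET", "/admin/users", {}, {}, "sess-1"),
    }
    return {name: guard.check(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:14s} {'ALLOW' if allowed else 'DENY':5s} {reason}")
```

The two checks are deliberately independent: the Origin/Referer check stops the ordinary browser-driven forgery on its own, and the token check still holds when a referrer policy or proxy strips those headers. Run the file directly to see each constructed case and the reason it was allowed or denied.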
This vulnerability was publicly disclosed on 2026-02-06. No public proof-of-concept (POC) code has been widely reported, but the CSRF nature of the vulnerability makes it relatively straightforward to exploit. The EPSS score is likely low to medium: an authenticated administrator must be targeted, but exploitation itself is easy. It is not currently listed on CISA KEV.
Organizations running Wing FTP Server versions 6.2.6 and earlier, particularly those with shared administrative accounts or lax security practices, are at risk. Environments where administrators routinely browse untrusted websites are also more vulnerable to CSRF attacks.
• windows / server:
  Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | Where-Object { $_.Message -match 'Wing FTP Server' }
• windows / server:
  Get-Process | Where-Object { $_.ProcessName -match 'wingftp' }
• windows / server: Check Autoruns for suspicious entries related to Wing FTP Server or its components.
disclosure
Exploit status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2020-37079 is to upgrade Wing FTP Server to version 6.2.7 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter access controls and input validation within the web administration interface. Implement a Content Security Policy (CSP) to restrict the origins from which scripts can be executed, reducing the attack surface. Monitor server logs for suspicious activity, particularly requests related to user account management. After upgrading, verify the integrity of user accounts and access permissions.
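The log monitoring suggested above, as an added example that is not part of the original page or the vendor's tooling: it scans web-admin access log lines for account-management POSTs whose Referer is from another host (the signature a browser-driven forged form leaves behind) or is absent. The Combined Log Format, the paths `/admin/delete_user` and `/admin/update_user`, the host `ftp-admin.example.internal` and every sample line are constructed assumptions; adapt the pattern and the path set to the server's actual log layout and endpoints.

```python
import re
from urllib.parse import urlsplit

# Paths whose POSTs change admin accounts. Hypothetical placeholders; substitute the
# product's real account-management endpoints as seen in its own web admin logs.
ACCOUNT_MGMT_PATHS = {"/admin/delete_user", "/admin/update_user"}

# Combined Log Format with Referer and User-Agent. Assumed here for illustration;
# adjust the pattern if the server writes a different layout.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines; hosts, timestamps and addresses are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - admin [06/Feb/2026:10:00:01 +0000] "GET /admin/users HTTP/1.1" 200 1532 "https://ftp-admin.example.internal/admin" "Mozilla/5.0"
203.0.113.7 - admin [06/Feb/2026:10:00:05 +0000] "POST /admin/delete_user HTTP/1.1" 200 88 "https://ftp-admin.example.internal/admin/users" "Mozilla/5.0"
203.0.113.7 - admin [06/Feb/2026:10:03:20 +0000] "POST /admin/delete_user HTTP/1.1" 200 88 "https://blog.example.net/post/123" "Mozilla/5.0"
203.0.113.7 - admin [06/Feb/2026:10:04:00 +0000] "POST /admin/update_user HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.7 - admin [06/Feb/2026:10:05:00 +0000] "POST /admin/delete_user HTTP/1.1" 403 0 "https://blog.example.net/post/123" "Mozilla/5.0"
"""


def find_suspicious(lines, admin_host: str) -> list[dict]:
    """Flag account-management POSTs whose Referer is foreign or absent.

    A Referer from another host is the strongest CSRF indicator this log format can
    give. An absent Referer is weaker (referrer policies strip it) but still worth
    review. The HTTP status is kept so an analyst can tell a blocked attempt from one
    that succeeded.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] not in ACCOUNT_MGMT_PATHS:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing referer"
        else:
            host = urlsplit(referer).hostname
            if host == admin_host:
                continue  # same-site: the normal admin workflow
            reason = f"foreign referer host {host}"
        findings.append({
            "ts": m["ts"], "ip": m["ip"], "user": m["user"], "path": m["path"],
            "status": int(m["status"]), "referer": referer, "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG.splitlines(), "ftp-admin.example.internal"):
        print(f"{f['ts']} {f['user']}@{f['ip']} POST {f['path']} -> {f['status']}: {f['reason']}")
```

Pair the output with the account-integrity check the paragraph recommends after upgrading: a flagged deletion request with a 200 status is the one to reconcile against the current administrator list.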
Update Wing FTP Server to version 6.2.7 or later. This update fixes the CSRF vulnerability that allows unauthorized deletion of administrator users. Download the latest version from the vendor's official website.
CVE-2020-37079 is a cross-site request forgery vulnerability in Wing FTP Server versions prior to 6.2.7, allowing attackers to delete admin users.
You are affected if you are running Wing FTP Server versions 6.2.6 or earlier. Upgrade to 6.2.7 to mitigate the risk.
Upgrade Wing FTP Server to version 6.2.7 or later. Implement stricter access controls and consider a Content Security Policy (CSP).
While no widespread exploitation has been confirmed, the ease of exploitation makes it a potential threat. Monitor your server logs for suspicious activity.
Refer to the official Wing FTP Server website for security advisories and updates: [https://www.wingftp.com/security/](https://www.wingftp.com/security/)