Vulnerabilities > CVE-2020-8284

047910
CVSS 3.7 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE

Summary

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Vulnerable Configurations

Part Description Count
Application
Haxx
171
Application
Netapp
3
Application
Oracle
4
Application
Siemens
2
Application
Splunk
14
OS
Fedoraproject
2
OS
Debian
2
OS
Netapp
1
OS
Apple
55
OS
Fujitsu
45
Hardware
Netapp
2
Hardware
Fujitsu
6

References