Published: 14/12/2020 Updated: 08/04/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

A malicious server can use the FTP PASV response to trick curl 7.73.0 and previous versions into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl
fedoraproject fedora 32
fedoraproject fedora 33
debian debian linux 9.0
debian debian linux 10.0
netapp clustered data ontap -
netapp solidfire -
netapp hci management node -
netapp hci storage node -
netapp hci_bootstrap_os -
apple mac os x
apple mac os x 10.14.6
apple mac os x 10.15.7
apple macos 11.0.1
apple macos 11.1
apple macos 11.2
oracle peoplesoft enterprise peopletools 8.58
oracle communications billing and revenue management 12.0.0.3.0
oracle essbase 21.2
oracle communications cloud native core policy 1.14.0
fujitsu m10-1_firmware
fujitsu m10-4_firmware
fujitsu m10-4s_firmware
fujitsu m12-1_firmware
fujitsu m12-2_firmware
fujitsu m12-2s_firmware
siemens sinec infrastructure network services
splunk universal forwarder 9.1.0
splunk universal forwarder

Debian Bug report logs - #977163 curl: CVE-2020-8284: trusting FTP PASV responses Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Dec 2020 22:12:02 UTC Severity: important Tags: security, upstream Found in versio ...

Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) CVE-2020-8177 sn reporte ...

A flaw was found in libcurl from versions 7290 through 7711 An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection The highest threat from this vulnerability is to data confidentiality (CVE-2020-8231) A malicious server can use t ...

A security issue was found in curl versions 40 up to and including 7730 When curl performs a passive FTP transfer, it first tries the EPSV command and if that is not supported, it falls back to using PASV Passive mode is what curl uses by default A server response to a PASV command includes the (IPv4) address and port number for the client to ...

Critical Infrastructure Sectors: Energy

Critical Infrastructure Sectors: Critical Manufacturing

SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients

surferFTP is a set of scripts implementing some attacks against overly trusting FTP clients to extend our capabilities when exploiting Server-Side Request Forgery (SSRF) issues A malicious FTP server is hosted by the scripts and all it takes to run the attacks is to have the client interact with the FTP server (eg download a file, list the contents of a directory) Even thou

SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients

surferFTP is a set of scripts implementing some attacks against overly trusting FTP clients to extend our capabilities when exploiting Server-Side Request Forgery (SSRF) issues A malicious FTP server is hosted by the scripts and all it takes to run the attacks is to have the client interact with the FTP server (eg download a file, list the contents of a directory) Even thou

NVD-CWE-noinfo https://hackerone.com/reports/1040166 https://curl.se/docs/CVE-2020-8284.html https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html https://security.gentoo.org/glsa/202012-14 https://security.netapp.com/advisory/ntap-20210122-0007/https://www.debian.org/security/2021/dsa-4881 https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 https://support.apple.com/kb/HT212327 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977163 https://nvd.nist.gov https://github.com/vp777/evilFTP https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09 https://www.debian.org/security/2021/dsa-4881

CVE-2020-8284

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect