CVE-2017-12170
moderate-risk
Published 2017-09-21
The downstream pure-ftpd package, version 1.0.46-1 as shipped in Fedora, contained a packaging error: after an update, the original configuration was ignored and the service started running with the default configuration. This has security implications because security-related configuration is overridden. The upstream version of pure-ftpd is not affected.
Do I need to act?
EPSS score: 0.33% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 9.8/10, Critical, NETWORK / LOW complexity
Affected Vendors
References
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1493114
42 / 100, moderate-risk
Severity: 32/34 · Critical
Exploitability: 1/34 · Minimal
Exposure: 9/34 · Low