CVE-2025-49195
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-01-26
Assigner: SICK AG
Description
Description
The FTP serverβs login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | media_server | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the FTP server's login mechanism does not limit the number of authentication attempts. This allows an attacker to repeatedly try different passwords (brute-force attack) to gain unauthorized access to user accounts on the FTP server.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to gain unauthorized access to the FTP server by guessing user passwords. This could lead to unauthorized access to sensitive files or data stored on the server, potentially compromising confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70