CVE-2025-44653
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-07
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h3c | gr2200_firmware | minigr1a0v100r016 |
| h3c | gr2200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | Uncontrolled Resource Consumption: the product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is a configuration weakness rather than a code bug. In the H3C GR2200 firmware MiniGR1A0V100R016, the bundled bftpd FTP server ships with USERLIMIT_GLOBAL set to "0" in /etc/bftpd.conf. In bftpd that option caps the number of users who may be logged in at the same time, and 0 means no cap at all. An attacker who can reach the FTP service can therefore open as many sessions as the device will accept, each costing it a server process and memory, until legitimate logins fail or the device becomes unresponsive: a denial of service through uncontrolled resource consumption (CWE-400). [1]
How can this vulnerability impact me? :
The impact is limited to availability. An attacker with network access to the device's FTP port can flood it with simultaneous logins until it can no longer serve legitimate FTP users and, on a resource-constrained router, other services may degrade as well. The setting does not by itself expose data or allow code execution; what it removes is the one control that would have bounded how many connections a single attacker can hold open. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
On the device itself, or on an extracted copy of the firmware's root filesystem, inspect /etc/bftpd.conf and find the USERLIMIT_GLOBAL assignment inside the global { ... } block. A value of "0" means logins are unlimited and the system is vulnerable. A quick check is: grep USERLIMIT_GLOBAL /etc/bftpd.conf. Note that this also matches commented-out lines (those beginning with #), so read the matched line rather than relying on its presence. From the network, the symptom is a large number of concurrent FTP control connections (TCP port 21) to the device from one or a few sources that are never refused; a limit that never triggers is the sign that the cap is missing. [1]
What immediate steps should I take to mitigate this vulnerability?
Change USERLIMIT_GLOBAL in /etc/bftpd.conf from "0" to a small positive integer sized to the number of legitimate concurrent FTP users you expect (this page suggests a value between 5 and 20), for example USERLIMIT_GLOBAL="10", and restart the FTP service so the change takes effect. Two caveats: on a router the root filesystem is often read-only and rebuilt from the firmware image on reboot, so an edit made from a shell may not persist and the durable fix is a vendor firmware update, if H3C provides one; and a global cap alone still lets a single host consume the whole allowance, so also cap per-source logins with USERLIMIT_HOST where the bftpd build supports it. Until a fix is in place, disable the FTP service if it is not needed, or restrict TCP port 21 to the management network with a firewall rule. [1]
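The check and the fix described in the two answers above, as an added example that is not from this page, H3C or the bftpd project: a shell audit that reads the effective USERLIMIT_GLOBAL value from a bftpd.conf while ignoring commented-out lines, flags 0 as vulnerable, and rewrites the file with a finite cap. The sample configuration is constructed here to mirror the bftpd.conf layout rather than copied from a device; the cap of 10 is an arbitrary choice within the range suggested above; and treating a missing option as unlimited is an assumption made to keep the audit conservative.

```shell
#!/usr/bin/env bash
# Added example: audit and harden USERLIMIT_GLOBAL in a bftpd.conf.
# Not from the advisory, H3C or the bftpd project.

# Constructed sample mirroring the bftpd.conf layout (not copied from a device).
# The weak value is the one CVE-2025-44653 describes.
WEAK_CONF=$(cat <<'EOF'
global {
  PORT="21"
  # A commented-out assignment must not satisfy the audit:
  #USERLIMIT_GLOBAL="10"
  # 0 means no cap on simultaneous logins (the setting this CVE describes):
  USERLIMIT_GLOBAL="0"
  USERLIMIT_SINGLEUSER="0"
  USERLIMIT_HOST="0"
}
user ftp {
  ROOTDIR="/var/ftp"
}
EOF
)

# Print the effective USERLIMIT_GLOBAL value from FILE, or nothing if unset.
# Comments are stripped first so "#USERLIMIT_GLOBAL=..." is ignored; if the
# option appears more than once the last assignment wins.
userlimit_global_value() {
    sed -e 's/#.*$//' "$1" \
      | grep -E '^[[:space:]]*USERLIMIT_GLOBAL[[:space:]]*=' \
      | tail -n 1 \
      | sed -E 's/^[^=]*=[[:space:]]*"?([^"[:space:]]*)"?.*$/\1/'
}

# Return 0 when a finite cap is configured, 1 when the file is vulnerable.
# An absent option is treated as unlimited (assumption, to stay conservative).
check_userlimit_global() {
    local val
    val=$(userlimit_global_value "$1")
    case "$val" in
        '')       echo "USERLIMIT_GLOBAL not set: assumed unlimited; VULNERABLE"; return 1 ;;
        0)        echo "USERLIMIT_GLOBAL=0: unlimited simultaneous logins; VULNERABLE"; return 1 ;;
        *[!0-9]*) echo "USERLIMIT_GLOBAL='$val' is not a number; treat as VULNERABLE"; return 1 ;;
        *)        echo "USERLIMIT_GLOBAL=$val: capped; OK"; return 0 ;;
    esac
}

# Rewrite FILE so that USERLIMIT_GLOBAL="LIMIT" (default 10). Every uncommented
# assignment is replaced; if none exists, one is inserted after "global {".
harden_userlimit_global() {
    local file="$1" limit="${2:-10}" tmp
    case "$limit" in
        ''|0|*[!0-9]*) echo "limit must be a positive integer" >&2; return 2 ;;
    esac
    tmp="$file.tmp"
    if grep -qE '^[[:space:]]*USERLIMIT_GLOBAL[[:space:]]*=' "$file"; then
        awk -v limit="$limit" '
            /^[[:space:]]*USERLIMIT_GLOBAL[[:space:]]*=/ { print "  USERLIMIT_GLOBAL=\"" limit "\""; next }
            { print }' "$file" > "$tmp"
    else
        awk -v limit="$limit" '
            { print }
            /^[[:space:]]*global[[:space:]]*[{]/ { print "  USERLIMIT_GLOBAL=\"" limit "\"" }' "$file" > "$tmp"
    fi
    mv "$tmp" "$file"
}

# Walk through the weak configuration, then the hardened one.
demo() {
    local conf
    conf=$(mktemp)
    printf '%s\n' "$WEAK_CONF" > "$conf"
    check_userlimit_global "$conf" || true     # reports VULNERABLE
    harden_userlimit_global "$conf" 10
    check_userlimit_global "$conf"             # reports OK
    grep -n 'USERLIMIT_GLOBAL' "$conf"         # commented-out line left intact
    rm -f "$conf"
}

demo
```

Run it against the real file with check_userlimit_global /etc/bftpd.conf after sourcing the script; the hardening step writes a sibling temporary file and renames it, so on a read-only firmware filesystem it will fail rather than silently do nothing, which is the point at which the firmware-update or firewall mitigation above applies instead.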