CVE-2012-10030
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-09-03
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freefloat | freefloat_ftp_server | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary code remotely on the affected system with SYSTEM-level privileges. This means attackers can take full control of the system, potentially leading to data theft, system compromise, disruption of services, or further attacks within the network.
Can you explain this vulnerability to me?
FreeFloat FTP Server has critical design flaws that let unauthenticated remote attackers upload any files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and does not restrict file types or destination paths. Attackers can upload executable and .mof files to system locations where Windows Management Instrumentation (WMI) automatically executes them, leading to remote code execution with SYSTEM-level privileges without user interaction.