The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
Published : 2007-01-23 02:28 Updated : 2008-09-05 21:16
CVSS Score More info
Score 7.8 / 10
A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.
Specialized access conditions or extenuating circumstances do not exist. The following are examples:
- The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
- The affected configuration is default or ubiquitous.
- The attack can be performed manually and requires little skill or additional information gathering.
- The race condition is a lazy one (i.e., it is technically a race but easily winnable).
Authentication is not required to exploit the vulnerability.
There is no CWE for this CVE.
History of changes