CVE-2024-9999

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 12, 2024

Updated: Nov 13, 2024

CWE ID 303

Summary

CVE-2024-9999 is a vulnerability affecting WS_FTP Server versions prior to 8.8.9 (2022.0.9). This issue involves an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass second-factor verification and successfully log in using only their username and password. This vulnerability could potentially expose sensitive data or grant unauthorized access to the affected system. Users are strongly urged to update their WS_FTP Server software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Progress Publishers

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uIwtsO
https://www.cve.org/CVERecord?id=CVE-2024-9999
https://nvd.nist.gov/vuln/detail/CVE-2024-9999

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-9999

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations