Attacker Value
Very Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
2

CVE-2023-2990

Disclosure Date: June 22, 2023
CVE-2023-2990 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very High
Vulnerable in default configurationNo useful access
Technical Analysis

This is effectively a zipbomb – the inbound message parser for the Fortra Globalscape’s admin protocol accepts compressed messages, but the decompression code is recursive. That means that, if you send a message that decompresses into itself with a short header (effectively a “quine”), it will recurse infinitely and eventually blow the stack.

While it doesn’t give any useful access, it’s a neat vuln with a (mathematically) neat exploit!

PoC

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Globalscape EFT 8.1.0.16
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • globalscape

Products

  • eft server

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis