CVE Vulnerabilities

CVE-2022-41985

Incorrect Implementation of Authentication Algorithm

Published: May 10, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Weakness

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Affected Software

Name Vendor Start Version End Version
Uc-ftps Weston-embedded 1.98.00 (including) 1.98.00 (including)

References