CVE-2012-10030

· Published 05/08/2025 20:15 · Modified 06/08/2025 18:15

Labels: CVE-2012-10030, 2025-08-05, CWE-306, [email protected]

Essential information

Published: 05/08/2025 20:15
Modified: 06/08/2025 18:15
Author:
Creator:
CVSS: 9.3 CRITICAL (v3), 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product | CPE
freefloat / ftp server | cpe:2.3:a:freefloat:ftp_server:*:*:*:*:*:*:*:*

References