Format String Vulnerability in ABB IDAL FTP Server

Format String Vulnerability in ABB IDAL FTP Server

CVE-2019-7230 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

Learn more about our Cis Benchmark Audit For Server Software.