Anonymous FTP Enabled

Medium Nessus Plugin ID 10079

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 1.4

Synopsis

Anonymous logins are allowed on the remote FTP server.

Description

Nessus has detected that the FTP server running on the remote host allows anonymous logins. Therefore, any remote user may connect and authenticate to the server without providing a password or unique credentials. This allows the user to access any files made available by the FTP server.

Solution

Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure that sensitive content is not being made available.

Plugin Details

Severity: Medium

ID: 10079

File Name: ftp_anonymous.nasl

Version: 1.59

Type: remote

Family: FTP

Published: 1999/06/22

Updated: 2020/03/27

Dependencies: 10092, 10870

Risk Information

Risk Factor: Medium

VPR Score: 1.4

CVSS Score Source: CVE-1999-0497

CVSS Score Rationale: Tenable gives a confidentiality impact of partial since the issue could allow unwanted access to file system.

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1993/07/01

Reference Information

CVE: CVE-1999-0497

BID: 83206