Critical Security Advisory

A critical security issue has been identified in Cerberus FTP Server. We urge customers to download version 12.7.4 and upgrade as soon as possible.

Scope

  • All editions (Enterprise, Professional, Standard) of Cerberus FTP Server are affected.
  • HTTP(S) and HTTP(S) Admin listeners are affected by this vulnerability.

Other file transfer protocols (FTP, FTPS, SFTP, SCP) are not affected.

Known Affected Versions

  • Versions 12.7.0, 12.7.1, 12.7.2, and 12.7.3

Version 12.6.0 and earlier are not affected.
Version 11.3.5 and earlier are not affected.

Resolution

To fix this issue, upgrade to Cerberus FTP Server version 12.7.4.

Mitigation

If upgrading cannot be done in a timely manner, administrators may mitigate the issue by:

  • Disabling all HTTP(S) listeners.
  • Disabling HTTP(S) Admin listeners, or limiting access to them to trusted IPs.

or…

  • Downgrading to Cerberus FTP Server version 12.6.0
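The version ranges above (affected 12.7.0 through 12.7.3, fixed in 12.7.4, 12.6.0 and earlier unaffected) are easy to misread when triaging a fleet by hand, so here is an added example that is not part of the advisory or of Cerberus's own tooling: a small Python checker that parses reported version strings and classifies each host against the advisory's ranges. It assumes that any release at or above 12.7.4 carries the fix (the advisory names only 12.7.4); the host inventory and version strings are constructed for illustration.

```python
"""Classify Cerberus FTP Server versions against this advisory's ranges.

Added example, not vendor code. The affected range (12.7.0 through 12.7.3)
and the fixed release (12.7.4) come from the advisory text; treating every
release at or above 12.7.4 as fixed is an assumption made here.
"""
from __future__ import annotations

import re

AFFECTED_MIN = (12, 7, 0)  # first affected release named in the advisory
AFFECTED_MAX = (12, 7, 3)  # last affected release named in the advisory
FIXED = (12, 7, 4)         # release that resolves the issue


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.7.2', 'v12.7', or '12.7.3 build 1234' into a comparable tuple.

    Missing components are padded with zeros so '12.7' compares as 12.7.0;
    trailing text (build numbers, edition names) is ignored.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    v = parse_version(version)[:3]  # compare major.minor.patch only
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def recommended_action(version: str) -> str:
    """Map a version to the advisory's guidance for that host."""
    v = parse_version(version)[:3]
    if v >= FIXED:
        return "not affected (at or above fixed release 12.7.4)"
    if is_affected(version):
        return ("affected: upgrade to 12.7.4; until then disable HTTP(S) and "
                "HTTP(S) Admin listeners or restrict them to trusted IPs")
    return "not affected (earlier than 12.7.0)"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group host names by status: 'affected', 'fixed', or 'unaffected'."""
    groups: dict[str, list[str]] = {"affected": [], "fixed": [], "unaffected": []}
    for host, version in inventory.items():
        v = parse_version(version)[:3]
        if v >= FIXED:
            groups["fixed"].append(host)
        elif is_affected(version):
            groups["affected"].append(host)
        else:
            groups["unaffected"].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "xfer-01": "12.7.3",
    "xfer-02": "v12.7.0 Enterprise",
    "xfer-03": "12.7.4",
    "legacy-ftp": "11.3.5",
    "staging": "12.6.0",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host:12} {version:22} {recommended_action(version)}")
    print(triage(SAMPLE_INVENTORY))
```

Only the first three numeric components take part in the comparison, so a string such as `12.7.3 build 1234` is treated as 12.7.3 rather than rejected; if your environment reports four-part build numbers, extend the tuples rather than relying on that truncation.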