Cyber Resilience

CVE-2012-10023

MediumPublic PoC

Published: 05 August 2025

Published
05 August 2025
Modified
03 September 2025
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.8047 99.2th percentile
Risk Priority 62 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2012-10023 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Freefloat Freefloat Ftp Server. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2012-10023 is a stack-based buffer overflow vulnerability (CWE-121) in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing an overly long username string to overflow the buffer allocated for user authentication. This memory corruption enables remote attackers to overwrite adjacent memory regions and potentially execute arbitrary code.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity and no privileges or user interaction required. Remote, unauthenticated attackers can trigger the flaw by connecting to the FTP server and sending a specially crafted USER command, achieving high confidentiality, integrity, and availability impacts through arbitrary code execution on the server host.

Advisories and resources referenced in the CVE include a Secunia advisory (archived), the vendor's archived site, and exploit details from sites like Exploit-DB (exploit 15689) and a Metasploit module (windows/ftp/freefloatftp_user.rb). These provide proof-of-concept exploits but no specific patch details are noted in the CVE information.

EU & UK References

Vulnerability details

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by…

more

sending an overly long username string, which overflows the buffer allocated for user authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated RCE via crafted input to public-facing FTP service matches T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25614Same product: Freefloat Freefloat Ftp Server
CVE-2012-10030Same product: Freefloat Freefloat Ftp Server
CVE-2025-11779Shared CWE-121
CVE-2026-25823Shared CWE-121
CVE-2025-69766Shared CWE-121
CVE-2025-60691Shared CWE-121
CVE-2019-25364Shared CWE-121
CVE-2026-39047Shared CWE-121
CVE-2025-69764Shared CWE-121
CVE-2019-25319Shared CWE-121

Affected Assets

freefloat
freefloat ftp server
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs such as the overly long USER command string to prevent stack-based buffer overflows.

prevent

Mandates identification, prioritization, and remediation of flaws like this buffer overflow vulnerability through patching or upgrades.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to prevent exploitation of the buffer overflow for arbitrary code execution.

References