Cyber Posture

CVE-2024-58299

Critical · Public PoC

Published: 12 December 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0034 (57.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires timely remediation of the known buffer overflow vulnerability in PCMan FTP Server's 'pwd' command to eliminate the risk of remote code execution.

prevent

Provides memory protections like address space layout randomization and data execution prevention to block arbitrary code execution from stack-based buffer overflows.

prevent

Enforces information input validation at FTP command entry points to reject specially crafted 'pwd' payloads that trigger the buffer overflow.

Security Summary · AI

CVE-2024-58299 is a stack-based buffer overflow vulnerability (CWE-121) in the 'pwd' command of PCMan FTP Server 2.0. The flaw allows remote attackers to execute arbitrary code by sending a specially crafted payload during the FTP login process, which overwrites memory and can lead to full system access. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its ease of exploitation and severe impact.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By connecting to an affected FTP server and issuing the malformed 'pwd' command during login, they can trigger the overflow, achieve remote code execution, and potentially compromise the host system, exfiltrating data, modifying files, or using it as a pivot point.

Advisories and related resources include a VulnCheck advisory detailing the remote buffer overflow via the 'pwd' command (https://www.vulncheck.com/advisories/pcman-ftp-server-remote-buffer-overflow-via-pwd-command), a public proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/51767), and the project page on SourceForge (https://sourceforge.net/projects/pcmanftpd/). Practitioners should review these for any recommended mitigations or patches, as the CVE description does not specify fixes.

A public exploit is available, highlighting the risk of active exploitation against unpatched instances of this legacy FTP server.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing PCMan FTP Server enables remote unauthenticated arbitrary code execution via crafted 'pwd' command, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0