Login Sign Up

CVE-2013-7465

9.8 CRITICAL
Remote Code Execution Authentication Bypass

📋 TL;DR

Ice Cold Apps Servers Ultimate 6.0.2(12) lacks authentication for TELNET, SSH, and FTP services, allowing remote attackers to upload and execute arbitrary PHP code. This affects all systems running the vulnerable version of this Android server application. Attackers can achieve remote code execution without any credentials.

💻 Affected Systems

Products:
  • Ice Cold Apps Servers Ultimate
Versions: 6.0.2(12)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration where TELNET, SSH, and FTP services run without authentication.

📦 What is this software?

Servers Ultimate by Icecoldapps

View all CVEs affecting Servers Ultimate →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the server, installing malware, stealing data, and using the system as a pivot point for further attacks.

🟠

Likely Case

Remote code execution leading to web shell installation, data theft, and potential ransomware deployment.

🟢

If Mitigated

No impact if authentication is properly configured or services are disabled.

🌐 Internet-Facing: HIGH - Directly exposed to internet attackers without authentication requirements.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial - attackers can simply connect via TELNET/SSH/FTP without credentials and upload PHP scripts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or discontinuing use of this software.

🔧 Temporary Workarounds

Enable Authentication for Services

android

Configure TELNET, SSH, and FTP services to require authentication before allowing connections.

Configure through application settings to enable authentication

Disable Unnecessary Services

android

Turn off TELNET, SSH, and FTP services if they are not required.

Disable services through application settings

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems
  • Deploy network-based controls to block TELNET/SSH/FTP traffic to vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Attempt to connect via TELNET, SSH, or FTP without credentials. If connection succeeds, the system is vulnerable.

Check Version:

Check application version in app settings or about section

Verify Fix Applied:

Verify that authentication is required for TELNET, SSH, and FTP connections.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated TELNET/SSH/FTP connections
  • PHP file uploads via FTP
  • Unusual process execution

Network Indicators:

  • TELNET/SSH/FTP traffic to Android devices
  • PHP file transfers via FTP

SIEM Query:

source_port=21 OR source_port=22 OR source_port=23 AND destination_ip=[android_device_ip] AND auth_success=false

📊 Metadata

CVE ID: CVE-2013-7465
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: October 5, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-7465, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2019-1867 10.0

This vulnerability allows unauthenticated remote attackers to bypass authentication on Cisco Elastic...

Same vulnerability type (CWE-287)