CVE-2020-5639 – CVE-2020-5639 is a directory traversal vulnerab... (How to Fix)

Q: What is the severity of CVE-2020-5639?

CVE-2020-5639 has a CVSS score of 9.8 (CRITICAL). CVE-2020-5639 is a directory traversal vulnerability in FileZen file transfer software that allows remote attackers to upload arbitrary files to specific directories, potentially leading to remote code execution. This affects FileZen versions V3.0.0 through V4.2.2. Organizations using vulnerable FileZen installations are at risk of complete system compromise.

📋 TL;DR

CVE-2020-5639 is a directory traversal vulnerability in FileZen file transfer software that allows remote attackers to upload arbitrary files to specific directories, potentially leading to remote code execution. This affects FileZen versions V3.0.0 through V4.2.2. Organizations using vulnerable FileZen installations are at risk of complete system compromise.

💻 Affected Systems

Products:

FileZen

Versions: V3.0.0 to V4.2.2

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations within the affected version range are vulnerable. The vulnerability exists in the file upload functionality.

📦 What is this software?

Filezen by Soliton

View all CVEs affecting Filezen →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, allowing attackers to install malware, exfiltrate data, pivot to other systems, or deploy ransomware.

🟠

Likely Case

Unauthorized file upload leading to web shell deployment, data theft, or service disruption.

🟢

If Mitigated

Limited impact with proper network segmentation, file integrity monitoring, and least privilege access controls in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities are commonly exploited and weaponized. The CVSS 9.8 score indicates trivial exploitation with high impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.2.3 and later

Vendor Advisory: https://www.soliton.co.jp/support/2020/004278.html

Restart Required: Yes

Instructions:

1. Download FileZen V4.2.3 or later from Soliton support portal. 2. Backup configuration and data. 3. Stop FileZen service. 4. Install the updated version. 5. Restart FileZen service. 6. Verify functionality.

🔧 Temporary Workarounds

Restrict File Upload Directory

all

Configure FileZen to only allow uploads to specific, non-executable directories with strict permissions.

Network Segmentation

all

Place FileZen behind a firewall with strict inbound rules, limiting access to trusted IP addresses only.

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block directory traversal patterns in file upload requests.
Disable FileZen's file upload functionality entirely if not required for business operations.

🔍 How to Verify

Check if Vulnerable:

Check FileZen version via admin interface or configuration files. Versions V3.0.0 through V4.2.2 are vulnerable.

Check Version:

Check FileZen admin console or configuration files for version information.

Verify Fix Applied:

Verify FileZen version is V4.2.3 or later. Test file upload functionality with directory traversal attempts to confirm patching.

📡 Detection & Monitoring

Log Indicators:

Unusual file upload patterns
Directory traversal strings in request logs (e.g., '../', '..\')
Unexpected file creation in system directories

Network Indicators:

HTTP requests containing directory traversal sequences in file upload parameters
Unusual outbound connections from FileZen server

SIEM Query:

source="filezen.log" AND ("../" OR "..\" OR "%2e%2e%2f")

📊 Metadata

CVE ID: CVE-2020-5639

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: December 14, 2020

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/en/jp/JVN12884935/index.html Third Party Advisory
https://jvn.jp/jp/JVN12884935/index.html Third Party Advisory
https://www.soliton.co.jp/support/2020/004278.html Vendor Advisory
https://jvn.jp/en/jp/JVN12884935/index.html Third Party Advisory
https://jvn.jp/jp/JVN12884935/index.html Third Party Advisory
https://www.soliton.co.jp/support/2020/004278.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-5639, you might also want to check these: