
CVE-2024-0732: CWE-404 Denial of Service in PCMan FTP Server

Severity: Medium
Tags: Vulnerability, CVE-2024-0732, CWE-404
Published: Fri Jan 19 2024 (01/19/2024, 20:00:05 UTC)
Source: CVE
Vendor/Project: PCMan
Product: FTP Server

Description

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.

AI-Powered Analysis

Last updated: 07/05/2025, 02:10:36 UTC

Technical Analysis

CVE-2024-0732 is a medium-severity vulnerability affecting PCMan FTP Server version 2.0.7. The flaw resides in the STOR command handler component of the FTP server, which is responsible for handling file upload requests from clients. Specifically, the vulnerability is classified under CWE-404, indicating an improper resource shutdown or release issue. An attacker can remotely exploit this vulnerability without requiring authentication or user interaction by sending specially crafted STOR commands to the server. This manipulation causes the server to enter a denial-of-service (DoS) state, disrupting its availability and preventing legitimate users from uploading files or accessing FTP services. The CVSS v3.1 base score is 5.3, reflecting a network attack vector with low complexity, no privileges required, and no user interaction needed, but with impact limited to availability only. No patches or fixes have been publicly disclosed yet, and no known exploits are currently observed in the wild. However, the public disclosure of the vulnerability details increases the risk of future exploitation attempts. The vulnerability affects only version 2.0.7 of PCMan FTP Server, which is a lightweight FTP server software commonly used in small to medium business environments and by individual administrators for file transfer services.

Potential Impact

For European organizations, the primary impact of CVE-2024-0732 is service disruption due to denial of service on FTP servers running the vulnerable PCMan FTP Server 2.0.7. Organizations relying on this FTP server for critical file transfer operations could experience downtime, loss of productivity, and potential delays in business processes. While the vulnerability does not compromise confidentiality or integrity, the availability impact can affect sectors where timely file exchange is essential, such as manufacturing, logistics, and financial services. Additionally, disruption of FTP services could indirectly impact compliance with data handling policies if file transfers are delayed or interrupted. Since the exploit requires no authentication and can be initiated remotely, attackers could target exposed FTP servers over the internet, increasing the risk for organizations with publicly accessible FTP endpoints. The lack of a patch means organizations must rely on mitigation strategies until an official fix is released.

Mitigation Recommendations

European organizations should immediately audit their network to identify any instances of PCMan FTP Server version 2.0.7 in use, especially those exposed to the internet. If found, organizations should consider the following specific mitigations:

1. Temporarily disable or restrict access to the vulnerable FTP servers using firewall rules or network segmentation to limit exposure to trusted IP addresses only.
2. Replace or upgrade the FTP server software to a more secure and actively maintained alternative if an official patch is not yet available.
3. Monitor FTP server logs for unusual or malformed STOR command requests that could indicate exploitation attempts.
4. Implement intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect abnormal FTP traffic patterns related to this vulnerability.
5. Consider migrating critical file transfer operations to more secure protocols such as SFTP or FTPS, which provide encryption and stronger authentication mechanisms.
6. Establish incident response procedures to quickly isolate and remediate affected systems if a DoS attack is detected.

These targeted actions go beyond generic advice by focusing on exposure reduction, monitoring, and alternative secure file transfer methods.
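As an added illustration of the log-monitoring recommendation above (example code, not part of the advisory or of PCMan FTP Server), the following Python script scans FTP control-channel log lines and flags STOR commands with empty, oversized or control-character arguments, plus bursts of STOR commands from a single client in one second. The log format, the thresholds and the sample lines are constructed assumptions; the advisory does not state what a crafted STOR request looks like, so treat these as starting heuristics to tune, not signatures.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical): "<ISO timestamp> <client IP> <FTP command> [argument]".
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z]{3,4})(?:\s(.*))?$")

# Heuristic thresholds; assumptions to tune per environment, not values from the advisory.
MAX_ARG_LEN = 255      # STOR filenames longer than this are flagged as oversized
BURST_THRESHOLD = 5    # STORs from one client within one second before flagging a burst

# Constructed sample log: one benign client, one client sending malformed and bursty STORs.
SAMPLE_LOG = "\n".join(
    [
        "2024-01-19T20:00:01Z 203.0.113.10 USER alice",
        "2024-01-19T20:00:02Z 203.0.113.10 STOR report.pdf",
        "2024-01-19T20:00:03Z 198.51.100.7 STOR " + "A" * 300,
        "2024-01-19T20:00:04Z 198.51.100.7 STOR \x01\x02ctrl.txt",
    ]
    + [f"2024-01-19T20:00:05Z 198.51.100.7 STOR f{i}.bin" for i in range(6)]
)

def is_malformed(arg):
    """Return a reason string if a STOR argument looks malformed, else None."""
    if arg == "":
        return "empty argument"
    if len(arg) > MAX_ARG_LEN:
        return f"oversized argument ({len(arg)} bytes)"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in arg):
        return "control characters in argument"
    return None

def analyze(log_text):
    """Scan log lines; return (timestamp, client, reason) alerts for suspicious STOR use."""
    alerts = []
    stor_count = defaultdict(int)  # (client, timestamp to the second) -> STOR count
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, client, cmd, arg = m.groups()
        if cmd.upper() != "STOR":
            continue
        reason = is_malformed(arg or "")
        if reason:
            alerts.append((ts, client, reason))
        stor_count[(client, ts)] += 1
        if stor_count[(client, ts)] == BURST_THRESHOLD:  # alert once per burst
            alerts.append((ts, client, f"{BURST_THRESHOLD} STOR commands in one second"))
    return alerts
```

Running `analyze(SAMPLE_LOG)` yields three alerts, all for the second client; the benign upload from the first client produces none.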


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2024-01-19T11:17:43.453Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9817c4522896dcbd78cb

Added to database: 5/21/2025, 9:08:39 AM

Last enriched: 7/5/2025, 2:10:36 AM

Last updated: 7/28/2025, 8:11:29 AM
