LiveActive security incident?Get immediate response
CVE Record

CVE-1999-1301: A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on t...

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-1999-1301 is an old Z-Modem file-transfer design issue. A malicious remote sender could cause the receiving client to run arbitrary programs in affected implementations. The source names FreeBSD rz in the rzsz module before FreeBSD 2.1.5, and says other programs may also be affected.

Executive priority

Treat this as a legacy exposure review, not an emergency, unless Z-Modem/rzsz is still used in sensitive environments. Prioritize removal or upgrade where present because the stated impact is arbitrary program execution on the receiving client.

Technical view

The flaw is described as a protocol design issue in Z-Modem as implemented by rz/rzsz. Impact is client-side arbitrary program execution triggered by a remote file sender. Public source data provides no CVSS, CWE, detailed affected matrix, exploit status, or comprehensive remediation details beyond FreeBSD before 2.1.5.

Likely exposure

Likely limited to legacy systems or environments still using Z-Modem/rz/rzsz for file transfer. Exposure is highest where users receive files over terminal sessions from untrusted or semi-trusted remote systems. Modern environments are less likely exposed unless compatibility tooling remains installed.

Exploitation context

No active exploitation is identified in the provided sources, and the CVE is not listed as KEV in the bundle. The described attack requires interaction with a Z-Modem file-transfer receiver and a malicious or compromised sender. The sources do not provide exploit details.

Researcher notes

Source evidence is sparse and historical. The affected statement names FreeBSD rz/rzsz before 2.1.5 and only says other programs are possible. Avoid broad product conclusions without confirming implementation behavior or vendor documentation.

Mitigation direction

  • Identify any use of Z-Modem, rz, or rzsz in legacy workflows.
  • For FreeBSD, ensure systems are not running versions before 2.1.5.
  • Remove unused Z-Modem/rz/rzsz tools from managed endpoints.
  • Restrict file transfers from untrusted remote systems.
  • Check current vendor guidance for any non-FreeBSD Z-Modem implementations.

Validation and detection

  • Inventory systems for installed rz, sz, or rzsz components.
  • Review legacy terminal and modem file-transfer workflows.
  • Confirm FreeBSD versions where rz/rzsz is present.
  • Verify whether users receive files from untrusted remote hosts.
  • Document any third-party Z-Modem clients and check vendor advisories.
Prepared
Confidence
medium
Sources
2

Public sources used

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-1999-1301 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
1Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.