This is a very old vulnerability. It has been patched, and eScan users are safe from it by virtue of using the latest version, eScan V 14.
Description
The eScan Server (eserv.exe) listens on port 2021 for FTP connections using c:\pub as root path.
Although the server tries to prevent directory traversal attacks, for example by rejecting dotdot patterns, it is still possible for an attacker to download any file from the disk of the remote system simply by putting a slash or a backslash at the beginning of the filename, which selects the root path of the disk.
For example /boot.ini, windows/win.ini and so on.
Only downloading files is allowed by the server, so deleting or uploading custom files is not possible.
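The following is an added example, not eScan's code: it models the kind of check described above (reject dotdot, then join to the root) next to a resolver that canonicalizes the path first and then verifies it still lies under the FTP root. The function names and the model of the flawed check are assumptions; only the c:\pub root comes from the description.

```python
import ntpath  # Windows path rules, usable on any OS

FTP_ROOT = "c:\\pub"  # root path named in the description


def naive_resolve(requested):
    """Assumed model of the flawed check: reject '..' only, then join."""
    if ".." in requested:
        return None
    # A leading / or \ makes the request rooted, so join() discards "\pub"
    # and the result points at the root of the drive.
    return ntpath.normpath(ntpath.join(FTP_ROOT, requested))


def safe_resolve(requested):
    """Canonicalize first, then require the result to stay under FTP_ROOT."""
    drive, rest = ntpath.splitdrive(requested.replace("/", "\\"))
    if drive or ":" in rest or "\x00" in rest:
        return None  # no drive letters, UNC prefixes, streams or NUL bytes
    # Treat the client's leading separators as the virtual FTP root.
    candidate = ntpath.normpath(ntpath.join(FTP_ROOT, rest.lstrip("\\")))
    root = ntpath.normcase(FTP_ROOT)
    try:
        inside = ntpath.commonpath([root, ntpath.normcase(candidate)]) == root
    except ValueError:  # paths on different drives
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in ["readme.txt", "/windows/win.ini", "\\boot.ini",
                "..\\..\\boot.ini", "d:/secret.txt"]:
        print(f"{req!r:22} naive={naive_resolve(req)!r:26} "
              f"safe={safe_resolve(req)!r}")
```

The containment test runs on the final normalized path, so it does not depend on enumerating every dangerous pattern in the client's input.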
Code
ftp://SERVER:2021//windows/win.ini
or manually:
ftp -A
open SERVER 2021
get /windows/win.ini local_win.ini
The output will be as shown below