Local Privilege Escalation in Serv-U FTP Server by Serv-U Technologies
CVE-2004-2532

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Serv-u File Server
Vendor: CVE Published:; 31 December 2004

Summary

The Serv-U FTP server prior to version 5.1.0.0 contains a vulnerability due to a default account and password for local administration. This flaw allows unauthorized local users to gain elevated rights by connecting with the default administrator account. Once logged in, an attacker can create new user accounts and leverage the SITE EXEC command to execute arbitrary commands, potentially compromising system integrity and data security. Administrators are urged to update to the latest version and remove default credentials to mitigate this risk.

References

http://www.securityfocus.com/bid/10886

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/16925

vdb-entryx_refsource_XF

http://www.osvdb.org/8877

vdb-entryx_refsource_OSVDB

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 25, 2005
Vulnerability published
Dec 31, 2004