Privilege Escalation Vulnerability in SolarWinds Serv-U for Linux
CVE-2019-12181

8.8HIGH

Key Information:

Vendor
Solarwinds
Status
Serv-u Mft Server
Serv-u Ftp Server
Vendor
CVE Published:
17 June 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 86%

Summary

A privilege escalation vulnerability has been identified in SolarWinds Serv-U for Linux, allowing an attacker to exploit certain weaknesses in the software prior to version 15.1.7. This flaw could potentially enable unauthorized users to gain elevated access to system resources, posing risks to the integrity and confidentiality of sensitive data. Users are advised to upgrade to the patched version to mitigate potential threats. Further details can be found in the relevant support documents and security advisories.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2019-12181
Created by Rapid7

CVE-2019-12181
Created by mavlevin

References

https://documentation.solarwinds.com/en/success_center/se...
x_refsource_CONFIRM
https://support.solarwinds.com/SuccessCenter/s/article/Se...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/153333/Serv-U-FTP-Se...
x_refsource_MISC

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

.