Directory Traversal Vulnerability in SolarWinds Serv-U FTP Software
CVE-2021-25276
7.1 HIGH
What is CVE-2021-25276?
A vulnerability in SolarWinds Serv-U FTP software prior to version 15.2.2 Hotfix 1 allows unprivileged Windows users to gain unauthorized access to a directory containing user profile files, which include sensitive password hashes. By copying an existing valid profile file into this world-readable and writable directory, potential attackers can create new FTP users or replace existing files, effectively gaining LocalSystem privileges and compromising system security.
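A defender can check whether the profile directory on a given host is still open to unprivileged users by auditing its ACL. The following is an added example, not SolarWinds code or part of the original advisory; the function name `Get-BroadWriteAce` is hypothetical, and the directory path is a placeholder to replace with the Serv-U user profile directory on your own installation.

```powershell
# Added example: list ACL entries that let broad, unprivileged groups
# create or replace files in a directory tree.
function Get-BroadWriteAce {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # placeholder: the Serv-U user profile directory on this host
    )

    # Well-known SIDs that include ordinary local Windows users.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }

    # Access bits that permit dropping or overwriting a file:
    # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
    # GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
    # Modify, Write and FullControl all contain 0x2 and 0x4; Read does not.
    $writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs directly so the result does not depend on OS language.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow')  { continue }
            if (-not $broadSids.ContainsKey($sid))    { continue }
            if (([int]$rule.FileSystemRights -band $writeBits) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Usage (replace the placeholder with the real directory):
# Get-BroadWriteAce -Path '<Serv-U user profile directory>' | Format-Table -AutoSize
```

Any row returned means an unprivileged account can write into the directory, which is the condition this CVE describes; an empty result on a version at or above 15.2.2 Hotfix 1 is the expected state.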