Common Key Vulnerability in Serv-U FTP Server
CVE-2021-35252

7.5HIGH

Key Information:

Vendor: Solarwinds
Status: Serv-u Ftp Server
Vendor: CVE Published:; 16 December 2022

Summary

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

Affected Version(s)

Serv-U FTP Server 15.3.0

References

https://documentation.solarwinds.com/en/success_center/se...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3...

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
Jun 22, 2021

Credit

SecureWorks Disclosure Team