Common Key Vulnerability in Serv-U FTP Server

CVE-2021-35252

7.5HIGH

Key Information

Vendor: Solarwinds
Status: Serv-u Ftp Server
Vendor: CVE Published:; 16 December 2022

Summary

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

Affected Version(s)

Serv-U FTP Server = 15.3.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 16, 2022
Vulnerability Reserved.
Jun 22, 2021

Collectors

NVD DatabaseMitre Database

Credit

SecureWorks Disclosure Team