2FA/MFA Bypass Vulnerability in Serv-U 15.4
CVE-2023-35179

7.2HIGH

Key Information:

Vendor

Solarwinds
Status
Serv-u
Vendor
CVE Published:
11 August 2023

What is CVE-2023-35179?

A security flaw exists in Serv-U version 15.4 that allows an attacker with administrative privileges to circumvent multi-factor authentication protections. If exploited, this vulnerability can provide unauthorized access to sensitive functionalities of the Serv-U product, significantly compromising its security posture.

Affected Version(s)

Serv-U Windows 15.4

References

https://www.solarwinds.com/trust-center/security-advisori...
https://support.solarwinds.com/SuccessCenter/s/article/Se...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.