SolarWinds Serv-U Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-28073

7.2HIGH

Key Information:

Vendor: Solarwinds
Status: Servu
Vendor: CVE Published:; 17 April 2024

Summary

A remote code vulnerability has been identified in SolarWinds Serv-U, which is susceptible to directory traversal issues. This security flaw enables attackers with high levels of privilege to manipulate file paths, potentially leading to unauthorized command execution. The exploitation requires access to a highly privileged user account, emphasizing the necessity for stringent access controls and regular security audits. Organizations leveraging SolarWinds Serv-U must ensure they are implementing the latest security patches to mitigate associated risks. For more information, please refer to the official advisory.

Affected Version(s)

ServU 15.4.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Alexander Skovsende at the Institut For Cyber Risk