SolarWinds Serv-U Vulnerable to Directory Traversal Remote Code Execution
CVE-2024-28073

7.2HIGH

Key Information:

Vendor: Solarwinds
Status: Servu
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-28073?

A remote code vulnerability has been identified in SolarWinds Serv-U, which is susceptible to directory traversal issues. This security flaw enables attackers with high levels of privilege to manipulate file paths, potentially leading to unauthorized command execution. The exploitation requires access to a highly privileged user account, emphasizing the necessity for stringent access controls and regular security audits. Organizations leveraging SolarWinds Serv-U must ensure they are implementing the latest security patches to mitigate associated risks. For more information, please refer to the official advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ServU 15.4.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Mar 1, 2024

Credit

Alexander Skovsende at the Institut For Cyber Risk

JSON

Solarwinds

What is CVE-2024-28073?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.