CVE-2021-35223 - OpenCVE

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm
https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223

History

No history.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-08-31T16:00:18

Updated: 2024-08-04T00:33:51.260Z

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35223

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-31T16:15:07.750

Modified: 2021-09-16T12:38:34.633

Link: CVE-2021-35223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Serv-U", "vendor": "SolarWinds", "versions": [{"lessThanOrEqual": "15.2.4 ", "status": "affected", "version": "15.2.3 and previous versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank Exodus Intelligence (exodusintel.com) for reporting on the issue in a responsible manner"}], "descriptions": [{"lang": "en", "value": "The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-10T11:30:06", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends customers upgrade to the latest version of the product as soon as possible. Upgrading the software will remediate this vulnerability. "}], "source": {"defect": ["CVE-2021-35223"], "discovery": "UNKNOWN"}, "title": "Execute Command Function Allows Remote Code Execution (RCE)Vulnerability ", "workarounds": [{"lang": "en", "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "ID": "CVE-2021-35223", "STATE": "PUBLIC", "TITLE": "Execute Command Function Allows Remote Code Execution (RCE)Vulnerability "}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Serv-U", "version": {"version_data": [{"version_affected": "<=", "version_name": "15.2.3 and previous versions", "version_value": "15.2.4 "}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank Exodus Intelligence (exodusintel.com) for reporting on the issue in a responsible manner"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US", "refsource": "MISC", "url": "https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}, {"name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm"}, {"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223"}]}, "solution": [{"lang": "en", "value": "SolarWinds recommends customers upgrade to the latest version of the product as soon as possible. Upgrading the software will remediate this vulnerability. "}], "source": {"defect": ["CVE-2021-35223"], "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\nhttps://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223"}]}]}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35223", "datePublished": "2021-08-31T16:00:18", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2024-08-04T00:33:51.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "1882D2EA-8C83-4C41-B63D-57735E0F4DAE", "versionEndExcluding": "15.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution."}, {"lang": "es", "value": "El Servidor de Archivos Serv-U permite auditar eventos como los fallos de inicio de sesi\u00f3n de los usuarios mediante la ejecuci\u00f3n de un comando. Este comando puede ser suministrado con par\u00e1metros que pueden tomar la forma de variables de cadena de usuario, permitiendo la ejecuci\u00f3n remota de c\u00f3digo"}], "id": "CVE-2021-35223", "lastModified": "2021-09-16T12:38:34.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-08-31T16:15:07.750", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}