CVE-2024-28995 - OpenCVE

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:serv-u::::::::
	cpe:2.3:a:solarwinds:serv-u:15.4.2:-::::::
	cpe:2.3:a:solarwinds:serv-u:15.4.2:hotfix1::::::

No data.

References

Link	Providers
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995

History

No history.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2024-06-06T09:01:23.314Z

Updated: 2024-08-02T01:03:51.459Z

Reserved: 2024-03-13T20:27:09.783Z

Link: CVE-2024-28995

Vulnrichment

Updated: 2024-08-02T01:03:51.459Z

NVD

Status : Analyzed

Published: 2024-06-06T09:15:14.167

Modified: 2024-07-18T01:00:03.197

Link: CVE-2024-28995

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28995", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2024-03-13T20:27:09.783Z", "datePublished": "2024-06-06T09:01:23.314Z", "dateUpdated": "2024-08-02T01:03:51.459Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "SolarWinds Serv-U ", "vendor": "SolarWinds ", "versions": [{"status": "affected", "version": "15.4.2 HF 1 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hussein Daher"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. <p> </p>\n\n\n\n\n\n"}], "value": "\n\n\n\n\n\n\n\n\n\n\n\nSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. \n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2024-06-06T09:01:23.314Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<br>SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.4.2 HF 2 as soon as it becomes available.<br> <br><br>"}], "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.4.2 HF 2 as soon as it becomes available.\n \n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Serv-U L Directory Transversal Vulnerability ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "solarwinds", "product": "serv-u", "cpes": ["cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "15.4.2_hf_1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T16:46:00.595482Z", "id": "CVE-2024-28995", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-07-17", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T16:46:28.869Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.459Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.459Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28995", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T16:46:00.595482Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-07-17", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "affected": [{"cpes": ["cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*"], "vendor": "solarwinds", "product": "serv-u", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "15.4.2_hf_1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T13:06:44.945Z"}}], "cna": {"title": "SolarWinds Serv-U L Directory Transversal Vulnerability ", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hussein Daher"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds ", "product": "SolarWinds Serv-U ", "versions": [{"status": "affected", "version": "15.4.2 HF 1 and previous versions"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.4.2 HF 2 as soon as it becomes available.\n \n\n", "supportingMedia": [{"type": "text/html", "value": "<br>SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.4.2 HF 2 as soon as it becomes available.<br> <br><br>", "base64": false}]}], "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\nSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. \n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. <p> </p>\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2024-06-06T09:01:23.314Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28995", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:03:51.459Z", "dateReserved": "2024-03-13T20:27:09.783Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2024-06-06T09:01:23.314Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-08-07", "cisaExploitAdd": "2024-07-17", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "SolarWinds Serv-U Path Traversal Vulnerability ", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4075BBF-2BC5-494C-81ED-AC85AD8D30CF", "versionEndExcluding": "15.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.4.2:-:*:*:*:*:*:*", "matchCriteriaId": "60A6B282-872E-4228-A884-5DC5B44046BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u:15.4.2:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "EBDF03FF-C508-42BD-9B70-9F972A14087B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\nSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. \n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitir\u00eda el acceso para leer archivos confidenciales en la m\u00e1quina host."}], "id": "CVE-2024-28995", "lastModified": "2024-07-18T01:00:03.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2024-06-06T09:15:14.167", "references": [{"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}