SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused. Authentication is required for this vulnerability.
Fixes

Solution

All SolarWinds customers are advised to upgrade to the latest version of SolarWinds Serv-U 15.5.


Workaround

No workaround given by the vendor.

History

Wed, 16 Oct 2024 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Solarwinds; Solarwinds serv-u |
| CPEs | | `cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Solarwinds; Solarwinds serv-u |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Wed, 16 Oct 2024 07:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability |
| Title | | SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability |
| Weaknesses | | CWE-22 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published:

Updated: 2024-10-16T13:22:44.193Z

Reserved: 2024-09-05T08:28:03.887Z

Link: CVE-2024-45711

Vulnrichment

Updated: 2024-10-16T13:22:35.391Z

NVD

Status: Analyzed

Published: 2024-10-16T08:15:06.690

Modified: 2024-10-17T20:17:29.207

Link: CVE-2024-45711

Redhat

No data.

OpenCVE Enrichment

No data.