SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine.
cve-2024-28995="" solarwinds-serv-u-path-traversal-vulnerability="" "="" title="SolarWinds Serv-U Path Traversal Vulnerability">CVE-2024-28995" title="SolarWinds" width="80%">
About CVE-2024-28995
Serv-U MFT Server is a widely used enterprise solution that provides secure file transfer and file sharing hosted on Windows and Linux machines.
Discovered and reported by Hussein Daher, CVE-2024-28995 is a directory traversal (aka path traversal) vulnerability that affects SolarWinds Serv-U 15.4.2 HF 1 and previous versions.
Directory traversal vulnerabilities allow attackers to access directories and files outside the server’s root directory.
The vulnerability’s CVSS base score indicates that it can be exploited remotely, through a low-complexity attack, and that no user interaction is required to leverage it.
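To make the class of bug concrete, the following added example (written for this page, not SolarWinds' or Serv-U's code) contrasts a naive path join with a containment check that canonicalizes a client-supplied path and rejects anything that resolves outside the configured root. The root directory, the request strings and the helper names are all constructed for illustration; the decoding and separator handling mirror the common ways traversal sequences are disguised in requests, so the check is broader than the single `../` case the text mentions.

```python
import posixpath
from urllib.parse import unquote

# Constructed example root; not Serv-U's actual on-disk layout.
ROOT = "/srv/mft/files"


def naive_join(root: str, requested: str) -> str:
    """Vulnerable pattern: concatenation with no normalization or containment check.

    '../' segments in `requested` are passed straight to the filesystem.
    """
    return root + "/" + requested


def safe_resolve(root: str, requested: str) -> str:
    """Resolve `requested` under `root`, raising ValueError on any escape attempt.

    Steps: decode percent-encoding twice (catches double-encoded dots), treat
    backslashes as separators (Windows hosts accept both), drop leading slashes so
    absolute paths cannot bypass the root, normalize, then verify containment.
    This is a lexical check; on a live host also compare os.path.realpath() of
    both sides so symlinks inside the root cannot point outside it.
    """
    decoded = unquote(unquote(requested)).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError(f"embedded NUL rejected: {requested!r}")
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        raise ValueError(f"path traversal rejected: {requested!r} -> {candidate}")
    return candidate


def is_traversal_attempt(root: str, requested: str) -> bool:
    """True if `requested` would resolve outside `root` (useful for detection)."""
    try:
        safe_resolve(root, requested)
        return False
    except ValueError:
        return True


# Constructed sample of request paths, as a detection rule might see them in
# an access log; only the last one is a legitimate download.
SAMPLE_REQUESTS = [
    "../../../etc/passwd",
    "reports/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/%252e%252e/etc/passwd",
    "..\\..\\windows\\win.ini",
    "reports/2024/q1.csv",
]


def flag_requests(root: str, requests: list[str]) -> list[str]:
    """Return the subset of `requests` that would escape `root`."""
    return [r for r in requests if is_traversal_attempt(root, r)]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        verdict = "BLOCK" if is_traversal_attempt(ROOT, r) else "allow"
        print(f"{verdict:5} {r!r}")
```

The same decode-normalize-compare sequence can be dropped in front of any file-serving handler; the point is that the containment test runs on the fully canonicalized path, never on the raw request string, and that a logging hook on the `ValueError` branch gives SOC teams a clean signal for traversal probing against the server.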
SolarWinds fixed the flaw by releasing Serv-U 15.4.2 Hotfix 2, which is suitable for both Windows and Linux OSes (whether 32-bit or 64-bit), the company says. Admins are advised to update their Serv-U instances as soon as possible.
There is no mention of the bug being actively exploited, but attackers have been known to leverage Serv-U vulnerabilities (including zero-days).
source: HelpNetSecurity