MFA/2FA Bypass Vulnerability in Serv-U 15.4: Serv-U 15.4 and 15.4 HF1 (CVE-2023-40060)

Summary

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. The previous vulnerability (CVE-2023-35179) was not completely resolved in 15.4 Hotfix 1.

Affected Products

  • Serv-U 15.4 HF1 and earlier

Fixed Software Release

Advisory Details
Severity: Medium
Advisory ID:
First Published: 08/30/2023
Last Updated: 08/30/2023
Fixed Version: Serv-U 15.4 HF2
CVSS Score: