Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711)
Summary
SolarWinds Serv-U is affected by a directory traversal vulnerability that can lead to remote code execution, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused. Authentication is required to exploit this vulnerability.
Affected Products
Serv-U 15.4.2 and previous versions
Fixed Software Release
Serv-U 15.5
Acknowledgments
Anonymous working with Trend Micro Zero Day Initiative
Advisory Details
Severity
7.5 High
Advisory ID
First Published
10/16/2024
Last Published
10/16/2024
Fixed Version
Serv-U 15.5