Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711)

Summary

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability in which remote code execution is possible, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused. Authentication is required to exploit this vulnerability.

Affected Products

Serv-U 15.4.2 and previous versions

Fixed Software Release

Serv-U 15.5

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Details

Severity

7.5 High

Advisory ID

First Published

10/16/2024

Last Published

10/16/2024

Fixed Version

Serv-U 15.5