Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711)

Summary

SolarWinds Serv-U is affected by a directory traversal vulnerability that can lead to remote code execution, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused. Authentication is required for this vulnerability.

Affected Products

Serv-U 15.4.2 and previous versions

Fixed Software Release

Serv-U 15.5

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Details
Severity: High
Advisory ID:
First Published: 10/16/2024
Last Published: 10/16/2024
Fixed Version: Serv-U 15.5
CVSS Score: