SolarWinds Serv-U Local File Disclosure Directory Traversal Vulnerability (CVE-2024-28995)

Summary

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that could allow sensitive files on the host machine to be read.

This vulnerability is being exploited in the wild. This article details the attack behavior exhibited by threat actors; you can use these details to block that behavior at your external firewalls.

For installation instructions and how to apply the hotfix, please refer to this link.

Affected Products

SolarWinds Serv-U 15.4.2 HF 1 and previous versions

Fixed Software Release

SolarWinds Serv-U 15.4.2 HF 2

Acknowledgments

Hussein Daher

Advisory Detail

Severity

8.6 High

Advisory ID

First Published

06/05/2024

Last Published

06/21/2024