CVE-2024-45711 HIGH

CVE-2024-45711: SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability

Vendor SolarWinds
Product Serv-U
Weakness CWE-22 · Path traversal
Published October 16, 2024
Last update October 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability in which remote code execution is possible, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused. Authentication is required to exploit this vulnerability.

Key dates

02 Disclosure timeline

October 16, 2024 CVE published
October 16, 2024 Record updated