Platform
windows
Component
serv-u
Fixed in
15.4.2
CVE-2024-28073 describes a Remote Code Execution (RCE) vulnerability affecting SolarWinds Serv-U file transfer server. This flaw allows an attacker with highly privileged account access to leverage a directory traversal vulnerability to execute arbitrary code on the system. The vulnerability impacts versions of Serv-U up to and including 15.4.1. A patch is available in version 15.4.2.
Successful exploitation of CVE-2024-28073 grants an attacker the ability to execute arbitrary code on the server hosting SolarWinds Serv-U. This could lead to complete system compromise, including data exfiltration, malware installation, and lateral movement within the network. Given Serv-U's function as an FTP server, sensitive data stored or transferred through the server is at significant risk. The requirement of a privileged account mitigates the immediate risk, but attackers who have already gained such access can use this vulnerability to escalate their privileges and expand their control.
CVE-2024-28073 was publicly disclosed on April 17, 2024. The vulnerability requires a privileged account, which limits the immediate attack surface. Currently, there are no publicly available exploits, but the ease with which directory traversal flaws are generally exploited suggests a high probability of exploitation once a suitable attacker gains privileged access. It is not currently listed in the CISA KEV catalog.
Organizations that rely on SolarWinds Serv-U for file transfer and have not upgraded to version 15.4.2 are at risk. This includes businesses of all sizes, particularly those with legacy Serv-U deployments or those that have not implemented robust account management practices. Shared hosting environments where Serv-U is installed are also at increased risk due to the potential for cross-tenant exploitation.
• windows / supply-chain: confirm whether a Serv-U process is running on the host.
Get-Process | Where-Object {$_.ProcessName -eq "servu"}
• windows / supply-chain: review recent failed logon events (Event ID 4625) in the Security log. Get-WinEvent has no -Filter parameter, and 4625 records expose no ProcessName or CommandLine properties, so the filter is passed as a hashtable and the message body is selected instead.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 10 | Select-Object TimeCreated, Id, Message
• windows / supply-chain: Check Autoruns for suspicious entries related to Serv-U or its installation directory.
• windows / supply-chain: Monitor Windows Defender for alerts related to file access attempts outside of the Serv-U installation directory.
Disclosure
Exploit status
EPSS
0.30% (53rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-28073 is to upgrade to SolarWinds Serv-U version 15.4.2 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, restrict access to the Serv-U server to authorized users with strong authentication. Review existing user accounts and privileges to ensure least-privilege access is enforced. Monitor Serv-U logs for any suspicious activity, particularly attempts to access or traverse directories outside of expected paths. While a WAF may not directly prevent this directory traversal, it can be configured to detect and block requests containing suspicious path traversal sequences.
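The log monitoring recommended above needs to catch traversal sequences in the forms they actually arrive in: plain `../`, Windows `..\`, and one or more layers of percent-encoding. The following detector is an added example written for this page; it is not SolarWinds code and does not use the real Serv-U log format. The log lines, the `timestamp user verb path` layout, and the assumption that each account's root is `/home/<user>` are all constructed for illustration; adapt the regular expression and the root template to your own log source.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines for illustration only (not real Serv-U output).
# Layout assumed here: "<date> <time> <account> <verb> <path>".
SAMPLE_LOG = """\
2024-04-17 10:01:02 admin RETR /home/admin/report.pdf
2024-04-17 10:01:05 admin RETR /home/admin/../../Windows/System32/config/SAM
2024-04-17 10:01:09 admin STOR /home/admin/%2e%2e/%2e%2e/inetpub/upload.aspx
2024-04-17 10:01:12 admin STOR /home/admin/%252e%252e/%252e%252e/inetpub/upload.aspx
2024-04-17 10:01:15 alice RETR /home/alice/..\\..\\ProgramData\\secret.txt
2024-04-17 10:01:20 bob RETR /home/bob/notes..txt
"""

LINE_RE = re.compile(r'^(?P<ts>\S+ \S+) (?P<user>\S+) (?P<verb>\S+) (?P<path>.+)$')


def normalize_path(raw: str, max_decodes: int = 3) -> str:
    """Undo up to max_decodes layers of percent-encoding (catches %2e%2e and
    double-encoded %252e%252e) and unify Windows backslashes to forward slashes."""
    decoded = raw
    for _ in range(max_decodes):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace('\\', '/')


def escapes_root(path: str, root: str) -> bool:
    """Resolve '.' and '..' segments lexically and report whether the result
    lands outside the given root directory."""
    stack = []
    for seg in path.split('/'):
        if seg in ('', '.'):
            continue
        if seg == '..':
            if stack:
                stack.pop()
            else:
                return True  # more '..' segments than directories: already past '/'
        else:
            stack.append(seg)
    resolved = '/' + '/'.join(stack)
    root = root.rstrip('/')
    return not (resolved == root or resolved.startswith(root + '/'))


def scan_log(text: str, root_template: str = '/home/{user}') -> list:
    """Return one finding per log line whose normalized path contains a '..'
    segment. root_template is a hypothetical per-account root used to decide
    whether the request actually escapes the account's directory."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        norm = normalize_path(m['path'])
        if '..' not in norm.split('/'):
            continue  # 'notes..txt' is a filename, not a traversal segment
        root = root_template.format(user=m['user'])
        findings.append({
            'line': lineno,
            'user': m['user'],
            'verb': m['verb'],
            'path': norm,
            'escapes_root': escapes_root(norm, root),
        })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        level = 'HIGH' if f['escapes_root'] else 'MEDIUM'
        print(f"{level}: line {f['line']} user={f['user']} {f['verb']} {f['path']}")
```

Decoding is repeated until the string stops changing so that double-encoded sequences are caught, and `..` is matched as a whole path segment rather than as a substring so that ordinary filenames containing two dots are not flagged. A `..` that stays inside the account root is still reported, at a lower level, because it is unusual for a legitimate client to emit it.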
Update SolarWinds Serv-U to the latest version available from the vendor. Consult the SolarWinds security advisory for specific instructions on upgrading and for the fixed versions.
CVE-2024-28073 is a Remote Code Execution vulnerability in SolarWinds Serv-U versions up to 15.4.1. It allows attackers with privileged accounts to execute code via a directory traversal flaw.
You are affected if you are running SolarWinds Serv-U version 15.4.1 or earlier. Upgrade to version 15.4.2 to mitigate the risk.
Upgrade SolarWinds Serv-U to version 15.4.2 or later. If upgrading is not immediately possible, restrict privileged account access and monitor logs.
As of now, CVE-2024-28073 is not known to be actively exploited, but public exploits may emerge due to the nature of the vulnerability.
Refer to the official SolarWinds security advisory for CVE-2024-28073 on the SolarWinds support website.