Platform
windows
Component
serv-u-ftp
Fixed in
15.4.3
CVE-2024-45711 is a Remote Code Execution (RCE) vulnerability affecting SolarWinds Serv-U FTP versions up to and including 15.4.2 HF 2. It allows an attacker who already holds valid credentials for the system to execute arbitrary code by abusing software environment variables; unauthenticated access is not sufficient. A patch is available in version 15.4.3.
The impact of CVE-2024-45711 is significant due to the potential for remote code execution. A successful exploit allows an attacker to gain complete control over the affected FTP server. This could lead to data exfiltration, malware deployment, system compromise, and lateral movement within the network. The requirement for authentication limits the immediate attack surface, but if attackers can compromise a legitimate user account, the consequences are severe. This vulnerability shares similarities with other environment variable exploitation techniques, highlighting the importance of secure configuration practices.
CVE-2024-45711 was publicly disclosed on 2024-10-16. Its CVSS score of 7.5 (HIGH) indicates a significant risk. As of this writing, no public proof-of-concept (POC) exploits have been released, but the vulnerability’s nature suggests it could be relatively easy to exploit once a suitable POC is developed. It is not currently listed on CISA KEV, but this could change depending on observed exploitation activity.
Organizations utilizing SolarWinds Serv-U FTP, particularly those with legacy configurations or shared hosting environments, are at risk. Environments where user accounts have elevated privileges within the FTP server are especially vulnerable. Any deployment using older, unpatched versions of Serv-U FTP is potentially exposed.
• windows / supply-chain: list running Serv-U processes with their full command line. Get-Process objects expose no CommandLine property in Windows PowerShell 5.1, so the WMI process class is used instead; the wildcard also matches the hyphenated service name.
Get-CimInstance Win32_Process | Where-Object { $_.Name -like 'Serv*U*' } | Select-Object Name, ProcessId, CommandLine
• windows / supply-chain: look for recent Application Error (Event ID 1000) entries that mention Serv-U. Get-WinEvent has no -Filter parameter; the query goes through -FilterHashtable, and the message text is matched with Where-Object because Select-String would only see the event's type name.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -MaxEvents 10 | Where-Object { $_.Message -like '*ServU*' } | Select-Object TimeCreated, Id, Message
• windows / supply-chain: Check Autoruns for unusual entries related to Serv-U or its environment variables.
• generic web: Review access logs for unusual requests targeting FTP directories or files, especially those involving environment variables.
disclosure
Exploit status
EPSS
10.69% (93rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-45711 is to upgrade to SolarWinds Serv-U FTP version 15.4.3 or later. If immediate upgrading is not possible, implement temporary workarounds. Restrict user permissions within Serv-U to the minimum necessary for their tasks. Deploy a Web Application Firewall (WAF) with rules to filter potentially malicious environment variable manipulations. Carefully review and sanitize any user-supplied input used in environment variable settings. Monitor Serv-U logs for suspicious activity, particularly related to environment variable access.
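As an added example (my own script, not tooling from SolarWinds or from this page), the following PowerShell turns the affected version range and the detection checks above into a single host check a defender can run. It assumes Serv-U registers itself under the standard Windows Uninstall registry keys with a DisplayName containing "Serv-U" and reports a DisplayVersion such as "15.4.2" or "15.4.2 HF 2"; both the display name and the version format are assumptions, and the function names are mine.

```powershell
# Added example (not from the advisory or SolarWinds): is this host's Serv-U below the fixed build?
# Assumptions: Serv-U appears in the standard Windows Uninstall registry keys with a DisplayName
# containing "Serv-U"; DisplayVersion looks like "15.4.2" or "15.4.2 HF 2".

$FixedVersion = [version]'15.4.3'   # first fixed release named in the advisory

function Test-ServUVulnerable {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Keep only the leading dotted-numeric part. A hotfix suffix such as "HF 2" does not raise
    # the base version, and every build below 15.4.3 (15.4.2 HF 2 included) is affected.
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') {
        throw "Unrecognised version string: '$DisplayVersion'"
    }
    $base = [version]$Matches[1]
    return ($base -lt $FixedVersion)
}

function Get-ServUInstall {
    # 64-bit and 32-bit uninstall hives; these are standard Windows locations, not Serv-U specific.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Serv-U*' -and $_.DisplayVersion } |   # assumed display name
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

# Self-check on constructed version strings (not taken from any real host):
foreach ($v in '15.4.2', '15.4.2 HF 2', '15.4.3', '15.5.0') {
    '{0,-14} vulnerable={1}' -f $v, (Test-ServUVulnerable $v)
}

# Live inventory of this host.
Get-ServUInstall | ForEach-Object {
    $vulnerable = Test-ServUVulnerable $_.DisplayVersion
    [pscustomobject]@{
        Product    = $_.DisplayName
        Version    = $_.DisplayVersion
        Vulnerable = $vulnerable
        Action     = if ($vulnerable) { 'Upgrade to 15.4.3 or later' } else { 'Patched' }
    }
}

# Runtime indicators from the detection list: running Serv-U processes with their command
# line, and recent Application Error events (ID 1000) that mention Serv-U.
Get-CimInstance Win32_Process |
    Where-Object { $_.Name -like 'Serv*U*' } |
    Select-Object Name, ProcessId, CommandLine
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Serv*U*' } |
    Select-Object TimeCreated, Id, Message
```

The self-check loop should report the two 15.4.2 strings as vulnerable and 15.4.3 and 15.5.0 as not; if the live inventory finds no entry, confirm the product's actual DisplayName on your host before concluding Serv-U is absent, since that match string is an assumption.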
Update SolarWinds Serv-U to the latest version made available by the vendor. Consult the SolarWinds security advisory for specific instructions on updating and mitigation.
CVE-2024-45711 is a Remote Code Execution vulnerability in SolarWinds Serv-U FTP versions up to 15.4.2 HF 2, allowing authenticated attackers to execute code by abusing environment variables.
You are affected if you are using SolarWinds Serv-U FTP versions 15.4.2 HF 2 or earlier. Upgrade to 15.4.3 or later to mitigate the risk.
Upgrade to SolarWinds Serv-U FTP version 15.4.3 or later. Consider restricting user privileges and reviewing environment variables as interim measures.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and remediation.
Refer to the official SolarWinds security advisory for CVE-2024-45711 on the SolarWinds website (check their security advisories page).