Platform
windows
Component
serv-u
Fixed in
15.4.2
CVE-2024-28073 describes a Remote Code Execution (RCE) vulnerability affecting SolarWinds Serv-U file transfer server. This flaw allows an attacker with highly privileged account access to leverage a directory traversal vulnerability to execute arbitrary code on the system. The vulnerability impacts versions of Serv-U up to and including 15.4.1. A patch is available in version 15.4.2.
Successful exploitation of CVE-2024-28073 grants an attacker the ability to execute arbitrary code on the affected Serv-U server with the privileges of the account used for the attack. This could lead to complete system compromise, including data exfiltration, malware installation, and lateral movement within the network. Given Serv-U's role as a file transfer server, sensitive data stored or transmitted through the server is at significant risk. The requirement for a privileged account mitigates the immediate risk, but organizations with poorly secured administrative accounts are particularly vulnerable. A successful attack could have a significant blast radius, potentially impacting the entire network if the compromised server has access to critical resources.
CVE-2024-28073 was publicly disclosed on April 17, 2024. As of this writing, it is not listed on the CISA KEV catalog or known to be actively exploited in the wild. Public proof-of-concept exploits are not yet available, but the relatively straightforward nature of directory traversal vulnerabilities suggests that such exploits may emerge. The requirement for a privileged account limits the immediate attack surface, but organizations should still prioritize patching.
Exploit Status
EPSS
0.30% (53% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-28073 is to upgrade SolarWinds Serv-U to version 15.4.2 or later. If immediate upgrading is not possible, restrict access to the Serv-U server to only authorized users with the minimum necessary privileges. Implement strict account management policies and enforce strong passwords. Consider implementing a Web Application Firewall (WAF) with rules to block directory traversal attempts. Monitor Serv-U logs for suspicious activity, particularly attempts to access files outside of the designated file transfer directories. After upgrading, confirm the vulnerability is resolved by attempting a directory traversal request and verifying that access is denied.
Actualice SolarWinds Serv-U a la última versión disponible proporcionada por el proveedor. Consulte el aviso de seguridad de SolarWinds para obtener instrucciones específicas sobre la actualización y las versiones corregidas.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-28073 is a Remote Code Execution vulnerability in SolarWinds Serv-U versions up to 15.4.1. It allows attackers with privileged accounts to execute code via a directory traversal flaw.
You are affected if you are running SolarWinds Serv-U version 15.4.1 or earlier. Upgrade to version 15.4.2 to mitigate the risk.
Upgrade SolarWinds Serv-U to version 15.4.2 or later. If upgrading is not immediately possible, restrict privileged account access and monitor logs.
As of now, CVE-2024-28073 is not known to be actively exploited, but public exploits may emerge due to the nature of the vulnerability.
Refer to the official SolarWinds security advisory for CVE-2024-28073 on the SolarWinds support website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.