Platform
windows
Component
serv-u-ftp
Fixed in
15.4.3
CVE-2024-45711 is a Remote Code Execution (RCE) vulnerability affecting SolarWinds Serv-U FTP versions up to and including 15.4.2 HF 2. This vulnerability allows authenticated attackers to execute arbitrary code by abusing software environment variables. Successful exploitation requires a user to be authenticated within the system. A patch is available in version 15.4.3.
The impact of CVE-2024-45711 is significant due to the potential for remote code execution. An attacker who can authenticate to the Serv-U FTP server and has sufficient privileges can leverage this vulnerability to execute arbitrary commands on the server. This could lead to complete system compromise, data exfiltration, and the installation of malware. The ability to execute code remotely bypasses standard security controls and allows for a wide range of malicious activities. The requirement for authentication limits the immediate attack surface, but if credentials are compromised, the consequences are severe.
CVE-2024-45711 was publicly disclosed on October 16, 2024. The vulnerability's exploitation context is currently unclear, with no immediate reports of active campaigns. The requirement for authentication may limit its immediate exploitability, but the potential for RCE warrants careful attention. The CVSS score of 7.5 (HIGH) reflects the potential impact and ease of exploitation given authentication. No KEV listing at the time of this writing.
Exploit Status
EPSS
10.69% (93% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-45711 is to upgrade to SolarWinds Serv-U FTP version 15.4.3 or later. If upgrading immediately is not possible, consider restricting user privileges within the FTP server to minimize the potential impact of exploitation. Review and harden the environment variables accessible to the FTP server process. Implement a Web Application Firewall (WAF) or proxy to filter potentially malicious requests targeting the FTP server. Monitor FTP server logs for suspicious activity, particularly requests involving environment variables. After upgrading, confirm the fix by attempting to trigger the directory traversal vulnerability with a test user account and verifying that the attempt is blocked.
Actualice SolarWinds Serv-U a la última versión disponible proporcionada por el proveedor. Consulte el aviso de seguridad de SolarWinds para obtener instrucciones específicas sobre la actualización y mitigación.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-45711 is a Remote Code Execution vulnerability in SolarWinds Serv-U FTP versions up to 15.4.2 HF 2, allowing authenticated attackers to execute code by abusing environment variables.
You are affected if you are using SolarWinds Serv-U FTP versions 15.4.2 HF 2 or earlier. Upgrade to 15.4.3 or later to mitigate the risk.
Upgrade to SolarWinds Serv-U FTP version 15.4.3 or later. Consider restricting user privileges and reviewing environment variables as interim measures.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and remediation.
Refer to the official SolarWinds security advisory for CVE-2024-45711 on the SolarWinds website (check their security advisories page).
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.