SolarWinds Serv-U up to 15.2.1 on Windows Home Directory permission


A vulnerability was found in SolarWinds Serv-U up to 15.2.1 on Windows (File Transfer Software) and classified as critical. The issue affects some unknown functionality of the component Home Directory Handler. Applying the patch 15.2.2 Hotfix 1 eliminates this problem.

| Field | 02/04/2021 10:49 AM | 02/23/2021 01:32 PM |
|---|---|---|
| platform | Windows | Windows |
| component | Home Directory Handler | Home Directory Handler |
| cwe | 275 (privilege escalation) | 275 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/ | https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/ |
| name | Patch | Patch |
| patch_name | 15.2.2 Hotfix 1 | 15.2.2 Hotfix 1 |
| cve | CVE-2021-25276 | CVE-2021-25276 |
| vendor | SolarWinds | SolarWinds |
| name | Serv-U | Serv-U |
| version | <=15.2.1 | <=15.2.1 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| type | File Transfer Software | File Transfer Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 5.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 6.3 | 6.0 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1610665200

cve_nvd_summary: In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
