CVE-2019-12181
CVE-2019-12181
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (7 stars) — exploitation code widely available.
CVSS —EPSS 66.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
13 Jan 2019Public PoC
05 Jun 2019Metasploit module available
17 Jun 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
Affected products
n/a · n/apublic PoCs found — 6
githubgithub.com/mavlevin/CVE-2019-12181★ 7cve_referencepacketstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/153505/Serv-U-FTP-Server-prepareinstallation-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47072unverifiedexploitdbwww.exploit-db.com/exploits/47009unverifiedexploitdbwww.exploit-db.com/exploits/47173unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/153505/Serv-U-FTP-Server-prepareinstallation-Privilege-Escalation.htmlhttps://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.htmlhttps://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-1-7_release_notes.htmhttps://support.solarwinds.com/SuccessCenter/s/article/Serv-U-Potential-elevation-of-privileges-on-Linux-systems