CVE-2024-28995
SolarWinds Serv-U Directory Transversal Vulnerability
In short
SolarWinds Serv-U has a flaw that lets attackers bypass directory restrictions and read sensitive files on the server. This is dangerous because it exposes confidential data like configuration files and credentials.
Technical detail
A path traversal vulnerability in SolarWinds Serv-U allows an attacker to use specially crafted input sequences (e.g., ../ patterns) to escape intended directory boundaries and access arbitrary files with the privileges of the Serv-U process. Exploitation requires network access to the Serv-U service; successful exploitation enables unauthorized information disclosure of sensitive files.
Summary generated and translated by AI from the official description.
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
SolarWinds · SolarWinds Serv-U
Public PoCs found — 11
github github.com/Stuub/CVE-2024-28995 ★ 34
github github.com/bigb0x/CVE-2024-28995 ★ 14
github github.com/gotr00t0day/CVE-2024-28995 ★ 4
github github.com/ibrahmsql/CVE-2024-28995 ★ 4
github github.com/0xc4t/CVE-2024-28995 ★ 2
github github.com/ggfzx/CVE-2024-28995 ★ 2
github github.com/huseyinstif/CVE-2024-28995-Nuclei-Template ★ 1
github github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U ★ 1
github github.com/demoAlitalia/CVE-2024-28995 ★ 0
github github.com/muhammetali20/CVE-2024-28995 ★ 0
exploitdb www.exploit-db.com/exploits/52311 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.