Skip to main content

Security update addresses a vulnerability that could lead to unauthorised access of confidential files

Threat ID:CC-4507
Threat Severity:Medium
Published:7 June 2024 2:51 PM

Summary

Security update addresses a vulnerability that could lead to unauthorised access of confidential files

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 15.4.2 Hotfix 2
SolarWinds Serv-U

Threat details

Introduction

SolarWinds has released a security update to address a directory traversal vulnerability in Serv-U, a managed file transfer (MFT) platform. An unauthorised attacker could exploit this vulnerability to access and read confidential files on a host device. This vulnerability is rated as high with a CVSSv3 score of 8.6.


Active Exploitation of CVE-2024-28995

A public proof-of-concept is available for this vulnerability and security researchers have observed exploitation attempts in the wild.

Threat updates

   
19 Jun 2024 Exploitation and proof-of-concept of CVE-2024-28995

Remediation advice

Affected organisations are encouraged to review the SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995) advisory and apply any necessary updates. 

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-28995SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Last edited: 19 June 2024 11:03 am

Back to top