July 17, 2024 Advisory: Vulnerability in SolarWinds Serv-U Path Traversal [CVE-2024-28995]
- Date Published: July 17th, 2024
- CVE-ID and CVSS Score: CVE-2024-28995 (CVSS Score 7.5)
- Issue Name and Description: SolarWinds Serv-U Path Traversal Vulnerability
- Asset Description: SolarWinds Serv-U is a multi-protocol (FTP, FTPS, SFTP, HTTP/HTTPS) file transfer server that lets users exchange files with other networked computers. Serv-U 15.4.2 Hotfix 1 and earlier versions are affected.
- Vulnerability Impact: SolarWinds Serv-U is susceptible to a directory traversal vulnerability that allows an attacker to read sensitive files on the host machine.
- Exploitation Details:
- CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming exploitation in the wild, and GreyNoise has reported widespread exploitation attempts.
- Patch Availability:
- SolarWinds has patched this CVE in SolarWinds Serv-U 15.4.2 Hotfix 2; upgrade to that release or later.
- Detection with Censys: The following queries can be leveraged to identify all Censys-visible public-facing Serv-U instances. Note that the Search and ASM queries do not pinpoint vulnerable versions.
- Censys Search query for exposures: services.software.product: "Serv-U"
- Censys ASM query for exposures: host.services.software.product: "Serv-U" or web_entity.instances.software.product: "Serv-U"
- Censys ASM Risk query for potentially vulnerable instances: risks.name="Vulnerable SolarWinds Serv-U [CVE-2024-28995]"
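Because the Search and ASM queries above return every exposed Serv-U instance regardless of version, the results still need to be triaged against the affected range (15.4.2 Hotfix 1 and earlier, fixed in 15.4.2 Hotfix 2). The script below is an added example written for this page, not Censys or SolarWinds code. It assumes Censys host hits carry `ip`, `services[].port` and `services[].software[].product` / `.version` (the same fields the queries above search on); the `SAMPLE_HOSTS` records are constructed to that shape, and the optional `censys_hosts()` helper is an assumption about the censys-python client's `CensysHosts.search()` signature. Its main point is the third outcome: a banner that says only "15.4.2" cannot tell you whether Hotfix 2 is applied, so such hosts are flagged as potentially vulnerable rather than patched.

```python
"""
Triage Serv-U hosts returned by the Censys queries for CVE-2024-28995.

Added example; not Censys or SolarWinds code. SAMPLE_HOSTS is constructed to
mimic the shape of Censys Search host hits (ip, services[].port,
services[].software[].product / .version); treat those field names as an
assumption about the live schema. Affected range per the advisory:
Serv-U 15.4.2 Hotfix 1 and earlier; fixed in 15.4.2 Hotfix 2.
"""
import re
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

FIXED_BASE = (15, 4, 2)   # release line that carries the fix ...
FIXED_HOTFIX = 2          # ... but only from Hotfix 2 onward

# Matches "15.4.2", "15.4", "v15.4.2.126", "15.4.2 HF 1", "15.4.2 Hotfix 2".
# A fourth numeric component (build number) is ignored.
_VERSION_RE = re.compile(
    r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?\s*(?:(?:hot\s*fix|hf)\s*(\d+))?",
    re.IGNORECASE,
)


def parse_servu_version(version: str) -> Optional[Tuple[Tuple[int, int, int], Optional[int]]]:
    """Return ((major, minor, patch), hotfix) or None when no version is present.

    hotfix is None when the string carries no hotfix marker, which is the
    common case for banners and is exactly why the Censys queries alone
    cannot pinpoint vulnerable instances.
    """
    m = _VERSION_RE.search(version or "")
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    base = (int(major), int(minor), int(patch or 0))
    return base, (int(hotfix) if hotfix is not None else None)


def classify(version: str) -> str:
    """Map a Serv-U version string to vulnerable / patched /
    potentially_vulnerable (15.4.2 with hotfix level not visible) / unknown."""
    parsed = parse_servu_version(version)
    if parsed is None:
        return "unknown"
    base, hotfix = parsed
    if base < FIXED_BASE:
        return "vulnerable"
    if base > FIXED_BASE:
        return "patched"
    if hotfix is None:
        return "potentially_vulnerable"
    return "vulnerable" if hotfix < FIXED_HOTFIX else "patched"


def triage_hosts(hosts: Iterable[Dict]) -> List[Dict]:
    """Walk host records and return one finding per Serv-U service."""
    findings = []
    for host in hosts:
        for svc in host.get("services", []):
            for sw in svc.get("software", []):
                if (sw.get("product") or "").lower() != "serv-u":
                    continue
                version = sw.get("version") or ""
                findings.append({
                    "ip": host.get("ip"),
                    "port": svc.get("port"),
                    "version": version,
                    "status": classify(version),
                })
    return findings


# Constructed sample records using RFC 5737 documentation addresses; not real scan data.
SAMPLE_HOSTS = [
    {"ip": "192.0.2.10", "services": [{"port": 21, "software": [{"product": "Serv-U", "version": "15.4.1"}]}]},
    {"ip": "192.0.2.11", "services": [{"port": 443, "software": [{"product": "Serv-U", "version": "15.4.2"}]}]},
    {"ip": "192.0.2.12", "services": [{"port": 21, "software": [{"product": "Serv-U", "version": "15.4.2 HF 2"}]}]},
    {"ip": "192.0.2.13", "services": [{"port": 22, "software": [{"product": "OpenSSH", "version": "9.6"}]}]},
    {"ip": "192.0.2.14", "services": [{"port": 21, "software": [{"product": "Serv-U"}]}]},  # no version in banner
]


def censys_hosts(query: str, pages: int = 1) -> Iterator[Dict]:
    """Optional live fetch. Assumes the censys-python client API
    CensysHosts.search(query, per_page, pages) yielding pages of hits, and
    CENSYS_API_ID / CENSYS_API_SECRET in the environment."""
    from censys.search import CensysHosts  # imported lazily so the offline demo needs no client
    for page in CensysHosts().search(query, per_page=100, pages=pages):
        yield from page


if __name__ == "__main__":
    # Swap SAMPLE_HOSTS for censys_hosts('services.software.product: "Serv-U"') to run live.
    for f in triage_hosts(SAMPLE_HOSTS):
        print(f"{f['ip']}:{f['port']}  {f['version'] or '<no version>':<14} {f['status']}")
```

Treat "potentially_vulnerable" and "unknown" hosts as work items, not as clean: confirm the hotfix level on the server itself (SolarWinds Serv-U reports it in its management console and installer metadata) rather than trusting the banner.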
- References: