CVE-2018-15906

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

Ссылки

http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/4
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/106844
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/4
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/106844
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04146

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6v7c-w9v8-4qwf