CVE-2021-35223

Опубликовано: 31 авг. 2021

Источник: nvd

CVSS3: 8.5

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

Ссылки

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm
Release Notes
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223
Vendor Advisory
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm
Release Notes
Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

Версия до 15.2.4 (исключая)

EPSS

Процентиль: 90%

0.05282

Низкий

8.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7822-xr7f-c5pr

github

больше 3 лет назад

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of ‘user string variables,” allowing remote code execution.

EPSS

Процентиль: 90%

0.05282

Низкий

8.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo