Serv U Ftp Server
CVE-2019-12181
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
AnalysisAI
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Affected products include: Solarwinds Serv-U Ftp Server, Solarwinds Serv-U Mft Server. Version information: before 15.1.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Serv U Ftp Server
View allSolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. Rated critical severity (CVSS 9.8), this
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. Rated critical severity (CVSS 9.8), this vulner
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vul
A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a diffe
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. Rated medium severity (CVSS
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. Rated med
Same weakness CWE-78 – OS Command Injection
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today