Skip to main content

ServerView Agents CVE-2026-27788

| EUVDEUVD-2026-33571 HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2026-06-01 vultures@jpcert.or.jp GHSA-p97f-3rpx-7xfx
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 01, 2026 - 09:30 vuln.today
CVE Published
Jun 01, 2026 - 09:16 nvd
HIGH 8.5

DescriptionCVE.org

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

AnalysisAI

Local privilege escalation in Fujitsu ServerView Agents for Windows version 11.60.04 and earlier allows an authenticated low-privileged user on the host to obtain SYSTEM-level privileges through incorrect permission assignment on a critical resource. The flaw is reported by JPCERT/CC under JVN#67883085 with a CVSS 4.0 score of 8.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

ServerView Agents is Fujitsu's in-band server management agent suite, deployed on Windows hosts to expose hardware health, inventory, and event data to ServerView Operations Manager and ISM. The root cause is CWE-732 (Incorrect Permission Assignment for Critical Resource), meaning a file, directory, registry key, named pipe, or Windows service object installed by the agent is created with an ACL that grants modify or write access to a non-privileged group (often Authenticated Users or BUILTIN\Users). Because ServerView Agents components typically run as LocalSystem services on Windows, a writable binary, DLL search-path entry, or service configuration in that trust boundary lets a local user substitute their own code, which is then executed under the SYSTEM account on next service start or auto-load.

RemediationAI

Upgrade ServerView Agents for Windows to the fixed release published by Fujitsu/FsasTech as referenced in advisory https://www.fsastech.com/ja-jp/resources/security/2026/0529.html (no exact fix version is included in the provided data, so confirm the patched build directly from the vendor advisory and JVN#67883085 at https://jvn.jp/en/jp/JVN67883085/). Until patched, restrict interactive and remote desktop logon to the affected servers to administrators only, audit the ACLs on the ServerView Agents install directory and its Windows service binaries/configurations with tools such as AccessChk to identify and tighten any non-admin writable objects, and monitor for service binary replacement and unexpected SYSTEM-spawned child processes. Stopping or disabling the ServerView Agents services is a possible compensating control but will blind ServerView Operations Manager/ISM to that host's hardware health and event stream, so weigh that loss of monitoring against exposure.

Share

CVE-2026-27788 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy