Skip to main content

ServerView Agents EUVDEUVD-2026-33572

| CVE-2026-32325 HIGH
Privilege Chaining (CWE-268)
2026-06-01 vultures@jpcert.or.jp GHSA-wvf7-cf8r-8fw5
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 01, 2026 - 09:30 vuln.today
CVE Published
Jun 01, 2026 - 09:16 nvd
HIGH 8.5

DescriptionCVE.org

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

AnalysisAI

Local privilege escalation in Fujitsu ServerView Agents for Windows V11.60.04 and earlier enables an authenticated low-privileged user to chain privileges and obtain SYSTEM-level access on the host. The flaw was reported by JPCERT/CC and is documented in JVN advisory JVN67883085 and FSAS Technologies advisory 0529; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

ServerView Agents is Fujitsu's server management agent software, deployed on Windows-based PRIMERGY and related server platforms to expose hardware health, inventory, and monitoring data to ServerView Operations Manager. The root cause class is CWE-268 (Privilege Chaining), in which two or more lower-privileged actions or trust relationships can be combined to grant a level of access neither would provide alone - typical examples include a service running as SYSTEM that improperly trusts input from, invokes, or shares writable resources with a lower-privileged caller. The 'Microsoft' tag and Windows-only scope indicate the defect lies in how the agent's Windows service components interact with non-administrative local users on the same host.

RemediationAI

Upgrade ServerView Agents for Windows to a fixed release later than V11.60.04 as published in the FSAS Technologies advisory at https://www.fsastech.com/ja-jp/resources/security/2026/0529.html and cross-referenced by JVN67883085 at https://jvn.jp/en/jp/JVN67883085/; the exact fixed version string is not included in the supplied input, so confirm the target build directly from the vendor advisory before deploying. Until patched, restrict interactive and remote logon to the affected servers to administrators only via Group Policy ('Allow log on locally' and 'Allow log on through Remote Desktop Services'), remove standard-user accounts from these hosts, and audit ACLs on the ServerView installation directory and its Windows services with tools such as accesschk to detect any writable paths or service-modification rights held by non-admins. As a more disruptive fallback, stopping and disabling the ServerView Agent services will remove the attack surface at the cost of losing hardware monitoring telemetry to ServerView Operations Manager.

Share

EUVD-2026-33572 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy