CVE-2021-25276
Description
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users password hashes) that is world readable and writable. An unprivileged Windows user (having access to the servers filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C: home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.405
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Serv-U FTP Server 15.2.1 | Windows |
| Vulnerabilities CVE-2021-25276,CVE-2021-32604,CVE-2021-35211 are affected in Serv-U FTP Server 15.2.2 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234