Vulnerabilities > CVE-2004-2532 - Credentials Management vulnerability in Solarwinds Serv-U File Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

solarwinds

CWE-255

critical

exploit available

NVD

Published: 2004-12-31

Updated: 2020-07-28

Summary

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Serv U File Server 3.0.0.16 Solarwinds Serv U File Server 3.0.0.17 Solarwinds Serv U File Server 3.1.0.0 Solarwinds Serv U File Server 3.1.0.1 Solarwinds Serv U File Server 3.1.0.3 Solarwinds Serv U File Server 4.0.0.4 Solarwinds Serv U File Server 4.1.0.0 Solarwinds Serv U File Server 4.1.0.3 Solarwinds Serv U File Server 5.0.0.0 Solarwinds Serv U File Server 5.0.0.4 Solarwinds Serv U File Server 5.0.0.9 Solarwinds Serv U File Server 5.0.0.11	12

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Serv-U 3x - 5.x Local Privilege Escalation Exploit. CVE-2004-2532. Local exploit for windows platform
id	EDB-ID:381
last seen	2016-01-31
modified	2004-08-08
published	2004-08-08
reporter	AndrÃ©s Acunha
source	https://www.exploit-db.com/download/381/
title	Serv-U 3x - 5.x - Local Privilege Escalation Exploit

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References