Vulnerabilities > CVE-2004-2532 - Credentials Management vulnerability in Solarwinds Serv-U File Server

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
solarwinds
CWE-255
critical
exploit available

Summary

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionServ-U 3x - 5.x Local Privilege Escalation Exploit. CVE-2004-2532. Local exploit for windows platform
idEDB-ID:381
last seen2016-01-31
modified2004-08-08
published2004-08-08
reporterAndrés Acunha
sourcehttps://www.exploit-db.com/download/381/
titleServ-U 3x - 5.x - Local Privilege Escalation Exploit