Vulnerabilities > CVE-2018-15906 - Unspecified vulnerability in Solarwinds Serv-U FTP Server 15.1.6

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

solarwinds

critical

NVD

Published: 2019-03-21

Updated: 2019-10-03

Summary

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Serv U FTP Server 15.1.6	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/151473/solarwinds1516-escalate.txt
id	PACKETSTORM:151473
last seen	2019-02-02
published	2019-02-02
reporter	Chris Moberly
source	https://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
title	SolarWinds Serv-U FTP 15.1.6 Privilege Escalation

References

http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2019/Feb/4
http://www.securityfocus.com/bid/106844