Scp Server 20180910

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

solarwinds

CWE-611

NVD

Published: 2018-12-05

Updated: 2020-12-18

Summary

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Sftp/Scp Server - Solarwinds Sftp/Scp Server 2018-09-10	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://seclists.org/fulldisclosure/2018/Dec/0