Unrated severity · NVD Advisory · Published Feb 3, 2021 · Updated Aug 4, 2024

CVE-2020-27994

Description

SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated directory traversal in SolarWinds Serv-U before 15.2.2 allows reading arbitrary files outside the user's home directory.

Vulnerability

SolarWinds Serv-U FTP server versions up to 15.2.1 do not properly validate path information when handling GET requests, allowing an authenticated user to traverse directories outside of their home directory. This path traversal vulnerability is present in the web-based components of the file server. [1]

Exploitation

An attacker must have valid authentication credentials to access the Serv-U FTP server. By sending a crafted GET request containing directory traversal sequences (such as ../), the attacker can navigate outside the restricted user directory and access files and folders that are otherwise not accessible. No additional privileges or user interaction beyond authentication are required. [1]

Impact

Successful exploitation enables the attacker to read arbitrary files and list directories present on the web server, leading to unauthorized disclosure of sensitive information (e.g., configuration files, system data). The attacker does not achieve code execution or direct write access, but information disclosure may facilitate further compromise. [1]

Mitigation

The vulnerability is fixed in SolarWinds Serv-U version 15.2.2, released on an undisclosed date. Users should upgrade to 15.2.2 or later immediately. There are no known workarounds; updating to the patched version is the only mitigation. This CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

References: 4
