2FA/MFA Bypass Vulnerability in Serv-U 15.4
Description
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-35179 allows an administrator to bypass multi-factor authentication in SolarWinds Serv-U 15.4, fixed in Hotfix 1.
Vulnerability
A vulnerability in SolarWinds Serv-U 15.4 allows an authenticated administrator to bypass multi-factor/two-factor authentication (MFA/2FA) [1]. The flaw is in the authentication mechanism of Serv-U 15.4, and exploiting it requires administrator-level access to the Serv-U server. No other versions are mentioned as affected; the fixed version is Serv-U 15.4 HF1 [1].
Exploitation
An attacker with administrator-level access to a Serv-U 15.4 instance can exploit this vulnerability to bypass the MFA/2FA requirement [1]. The exact steps are not publicly detailed, but the attacker must already possess administrative credentials to the Serv-U system. The attack vector is network-based (AV:N) with high complexity (AC:H) and requires high privileges (PR:H) [1].
Impact
Successful exploitation allows the attacker to bypass the second factor of authentication, effectively removing the additional security layer provided by MFA/2FA [1]. This could lead to unauthorized access to sensitive data or systems managed by Serv-U. The CVSS v3.1 score is 7.5 (High) with impacts to confidentiality, integrity, and availability all rated as High [1].
Mitigation
SolarWinds released a hotfix, Serv-U 15.4 HF1, on August 4, 2023, to address this vulnerability [1]. Users should upgrade to Serv-U 15.4 HF1 or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 15.4
Patches
No patches discovered yet.
References
News mentions
0No linked articles in our index yet.