SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
Description
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible, depending on the privileges given to the authenticated user. The issue is present when software environment variables are abused, and exploiting it requires an authenticated user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in SolarWinds Serv-U allows authenticated users to achieve remote code execution by abusing environment variables.
Vulnerability
SolarWinds Serv-U versions 15.4.2 and prior contain a directory traversal vulnerability that can lead to remote code execution. The flaw is triggered when an authenticated user abuses software environment variables to traverse directories. The vulnerability requires the user to be authenticated and the specific privileges granted to that user determine the extent of exploitation. [1]
Exploitation
An attacker must have valid credentials for the Serv-U service. By manipulating environment variables, the attacker can perform directory traversal, potentially executing arbitrary code. The exact steps involve crafting requests that leverage environment variable substitution to escape the intended directory and access or execute files outside the root. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary code on the Serv-U server with the privileges of the Serv-U process. This can lead to full compromise of the affected system, including data disclosure, modification, or denial of service, depending on the privileges of the authenticated user. [1]
Mitigation
SolarWinds has released Serv-U version 15.5, which fixes this vulnerability. Users should upgrade to this version immediately. No workarounds are documented. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: Serv-U 15.4.2 HF 2 and previous versions
Patches
No patches discovered yet.
References