CVE-2024-28995

high

Description

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

From the Tenable Blog

CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild

Published: 2024-06-21

Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised.

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995

https://www.securityweek.com/recent-adobe-commerce-vulnerability-exploited-in-wild/

https://www.labs.greynoise.io/grimoire/2024-06-solarwinds-serv-u/

https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-2-Release-Notes

Details

Source: Mitre, NVD

Published: 2024-06-06

Updated: 2024-11-29

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.94444

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest

Detections

Analytics