CVE-2021-35223

Published: Aug 31, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

Affected (1)

Products: Solarwinds: Serv U

Solarwinds

1 product

Serv U

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Serv U	Before 15.2.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US

Source: psirt@solarwinds.com

Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223

Source: psirt@solarwinds.com

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.