Privilege escalation in Serv-U FTP server

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU20297

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2019-12181

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to unspecified error. A remote authenticated attacker can escalate privileges on the system by manipulating the installer arguments.

The vulnerability affects Serv-U releases on Linux systems.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Serv-U FTP Server: 15.1 - 15.1.6

CPE2.3

• cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1:*:*:*:*:*:*:*
• cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.2:*:*:*:*:*:*:*

External links

https://packetstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.html
https://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.html
https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-1-7_release_notes.htm
https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-Potential-elevation-of-privileges-on-Linux-systems

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.