CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-15541
https://notcve.org/view.php?id=CVE-2020-15541
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, permite una ejecución de comandos remota • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15543
https://notcve.org/view.php?id=CVE-2020-15543
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, no comprueba una ruta de argumento • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15542
https://notcve.org/view.php?id=CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. El servidor SolarWinds Serv-U FTP versiones anteriores a 15.2.1, maneja inapropiadamente el comando CHMOD • https://documentation.solarwinds.com/en/success_center/servu/Content/Release_Notes/Servu_15-2-1_release_notes.htm •
CVSS: 8.8EPSS: 12%CPEs: 2EXPL: 6CVE-2019-12181 – Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Existe una vulnerabilidad de escalado de privilegios en SolarWinds Serv-U en versiones anteriores a la 15.1.7 para Linux. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47009 https://www.exploit-db.com/exploits/47072 https://www.exploit-db.com/exploits/47173 https://github.com/mavlevin/CVE-2019-12181 http://packetstormsecurity.com/files/153333/Serv-U-FTP-Server-15.1.6-Privilege-Escalation.html http://packetstormsecurity.com/files/153505/Serv-U-FTP-Server-prepareinstallation-Privilege-Escalation.html https://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.html https://documentation.solarwinds.com/en/success_c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 2CVE-2018-15906 – SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15906
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. SolarWinds Serv-U FTP Server 15.1.6 permite que usuarios remotos autenticados ejecuten código arbitrario aprovechando la característica de importación y modificando un archivo CSV. SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation. • http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Feb/4 http://www.securityfocus.com/bid/106844 •