// For flags

CVE-2004-2532

RhinoSoft Serv-U FTP Server 3.x < 5.x - Local Privilege Escalation

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-08-08 First Exploit
  • 2004-12-31 CVE Published
  • 2005-10-25 CVE Reserved
  • 2024-08-08 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-255: Credentials Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 <= 5.0.0.11
Search vendor "Solarwinds" for product "Serv-u File Server" and version " <= 5.0.0.11"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 3.0.0.16
Search vendor "Solarwinds" for product "Serv-u File Server" and version "3.0.0.16"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 3.0.0.17
Search vendor "Solarwinds" for product "Serv-u File Server" and version "3.0.0.17"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 3.1.0.0
Search vendor "Solarwinds" for product "Serv-u File Server" and version "3.1.0.0"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 3.1.0.1
Search vendor "Solarwinds" for product "Serv-u File Server" and version "3.1.0.1"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 3.1.0.3
Search vendor "Solarwinds" for product "Serv-u File Server" and version "3.1.0.3"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 4.0.0.4
Search vendor "Solarwinds" for product "Serv-u File Server" and version "4.0.0.4"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 4.1.0.0
Search vendor "Solarwinds" for product "Serv-u File Server" and version "4.1.0.0"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 4.1.0.3
Search vendor "Solarwinds" for product "Serv-u File Server" and version "4.1.0.3"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 5.0.0.0
Search vendor "Solarwinds" for product "Serv-u File Server" and version "5.0.0.0"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 5.0.0.4
Search vendor "Solarwinds" for product "Serv-u File Server" and version "5.0.0.4"
-
Affected
Solarwinds
Search vendor "Solarwinds"
 Serv-u File Server
Search vendor "Solarwinds" for product "Serv-u File Server"
 5.0.0.9
Search vendor "Solarwinds" for product "Serv-u File Server" and version "5.0.0.9"
-
Affected