VAR-200412-0836
Vulnerability from variot - Updated: 2023-12-18 13:16Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. The weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0836",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "3.1.0.3"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "3.0.0.17"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "4.0.0.4"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "5.0.0.9"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "4.1.0.3"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "3.1.0.0"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "3.0.0.16"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "5.0.0.4"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "5.0.0.0"
},
{
"model": "serv-u file server",
"scope": "lte",
"trust": 1.0,
"vendor": "solarwinds",
"version": "5.0.0.11"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "4.1.0.0"
},
{
"model": "serv-u file server",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "3.1.0.1"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "3.1.0.1"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "3.0.0.17"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "4.1.0.3"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "3.0.0.16"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "3.1.0.3"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "5.0.0.0"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "3.1.0.0"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "4.0.0.4"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "5.0.0.4"
},
{
"model": "serv-u",
"scope": "eq",
"trust": 0.6,
"vendor": "serv u",
"version": "5.0.0.11"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "6.0.0.1"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "6.0"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "5.2.0.0"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "5.1.0"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "5.0.0.9"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "5.0.0.6"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "5.0.0.4"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.2"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.1.0.11"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.1"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.0.0.4"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "3.1"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "10886"
},
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:4.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.0.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:3.1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:4.1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:5.0.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to aT4r ins4n3 \u003cat4r@ciberdreams.com\u003e.",
"sources": [
{
"db": "BID",
"id": "10886"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
],
"trust": 0.9
},
"cve": "CVE-2004-2532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2532",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-693",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. \nThe weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "BID",
"id": "10886"
}
],
"trust": 1.17
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10886",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "8877",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2004-2532",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "10886"
},
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"id": "VAR-200412-0836",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2023-12-18T13:16:09.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SolarWinds Serv-U File Server Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125159"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/8877"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/10886"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"trust": 0.3,
"url": "http://www.serv-u.com/"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/16d127c3a0ee7d8db396b1aa40eeef5e.html"
}
],
"sources": [
{
"db": "BID",
"id": "10886"
},
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "10886"
},
{
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-08T00:00:00",
"db": "BID",
"id": "10886"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-08T00:00:00",
"db": "BID",
"id": "10886"
},
{
"date": "2020-07-28T14:34:40.203000",
"db": "NVD",
"id": "CVE-2004-2532"
},
{
"date": "2020-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SolarWinds Serv-U File Server Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-693"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…