PT-2017-17335 · Solarwinds · Solarwinds Ftp Voyager

Hyp3Rlinx

Published 2017-03-20 · Updated 2017-03-23 · CVE-2017-6803

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SolarWinds FTP Voyager version 16.2.0

Description: The issue affects the web interface in the Scheduler of SolarWinds FTP Voyager, allowing remote attackers to hijack user authentication for specific requests. This can lead to actions such as changing the admin password, terminating the scheduler, or possibly executing arbitrary commands. The attack is facilitated through crafted requests, for example, to the "Admin/XML/Result.xml" endpoint.

Recommendations: For SolarWinds FTP Voyager version 16.2.0, as a temporary workaround, consider restricting access to the Scheduler's web interface and avoid using the Admin/XML/Result.xml endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
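The class of bug described above is cross-site request forgery: a browser that is already logged in to the Scheduler's web interface will attach its session to any state-changing request a third-party page triggers. The check below is an added, generic illustration of how a browser-facing admin interface rejects such requests; it is not SolarWinds code, and the origin name, form field and session layout are assumptions, not details of the product.

```python
import hmac
import secrets
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Hypothetical CSRF guard for a browser-facing admin/scheduler interface.
# Added illustration only; not tied to the product's real endpoints or code.

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Create a per-session secret and store it server-side; pages embed it in forms."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port] so a Referer can be compared like an Origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_cross_site_forgery(method: str, headers: Mapping[str, str], session: Mapping[str, str],
                          form: Mapping[str, str], allowed_origins: set) -> Optional[str]:
    """Return a rejection reason for a forged request, or None if the request is acceptable.

    Two independent checks: the browser-supplied Origin (or Referer) must name our own site,
    and the form must carry the per-session token that a cross-site page cannot read.
    """
    if method.upper() not in STATE_CHANGING:
        return None  # safe methods must not change state, so there is nothing to protect

    lower_headers = {k.lower(): v for k, v in headers.items()}
    origin = lower_headers.get("origin")
    if not origin and lower_headers.get("referer"):
        origin = _origin_of(lower_headers["referer"])
    if not origin:
        return "missing Origin/Referer"
    origin = origin.lower()
    if origin not in allowed_origins:
        return f"unexpected origin {origin}"

    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    # constant-time comparison so token mismatches leak nothing through timing
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return "bad or missing CSRF token"
    return None


def demo():
    """Run four constructed requests through the guard and return the verdicts."""
    allowed = {"https://scheduler.example"}  # constructed site name
    session = {}
    token = issue_csrf_token(session)

    # legitimate form submission from our own page, carrying the session token
    legit = is_cross_site_forgery("POST", {"Origin": "https://scheduler.example"},
                                  session, {"csrf_token": token}, allowed)
    # request triggered from another site: wrong origin, and no token is available to it
    forged = is_cross_site_forgery("POST", {"Referer": "https://attacker.example/page.html"},
                                   session, {}, allowed)
    # same-origin request that forgot the token is still rejected (defence in depth)
    no_token = is_cross_site_forgery("POST", {"Origin": "https://scheduler.example"},
                                     session, {}, allowed)
    # read-only request: untouched by the guard
    read_only = is_cross_site_forgery("GET", {}, session, {}, allowed)
    return legit, forged, no_token, read_only


if __name__ == "__main__":
    print(demo())
```

Marking the session cookie `SameSite=Lax` or `Strict` is a complementary browser-side control, but the server-side token plus origin check above is what makes a change-password or stop-scheduler request fail when it did not come from the application's own page.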

Exploit: CSRF

Weakness Enumeration

Related Identifiers: CVE-2017-6803

Affected Products: Solarwinds Ftp Voyager