PT-2018-13752 · Solarwinds · Solarwinds Sftp/Scp Server
Alex Craggs · Published 2018-12-05 · Updated 2020-12-18 · CVE-2018-16792
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SolarWinds SFTP/SCP server through 2018-09-10
Description
The server's configuration file is world-readable and world-writable. An attacker can exploit this to cause an XML External Entity (XXE) vulnerability, which enables data exfiltration.
Recommendations
For SolarWinds SFTP/SCP server through 2018-09-10, restrict the permissions on the configuration file so that it is no longer world-readable and world-writable. Treat this as a temporary workaround that minimizes the risk of exploitation until a fix is available.
Fix
XXE
Affected Products
Solarwinds Sftp/Scp Server