PT-2021-20848 · Unknown · Serv-U File Server
Published
2021-08-31
·
Updated
2021-09-16
·
CVE-2021-35223
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Serv-U File Server (affected versions not specified)
Description:
The Serv-U File Server has an issue where it allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of
user string variables, allowing remote code execution.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Serv-U File Server