PT-2024-4165 · Solarwinds · Solarwinds Serv-U

Hussein Daher · Published 2024-06-06 · Updated 2026-02-26 · CVE-2024-28995

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SolarWinds Serv-U versions 15.4.2 and earlier

Description

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow reading sensitive files on the host machine. Threat actors are actively exploiting this issue in the wild, and public exploits are available.

Recommendations

SolarWinds Serv-U versions prior to 15.4.2: Update to version 15.4.2 or a later version to resolve this issue.

Exploit

Fix

DoS

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-04650
CVE-2024-28995

Affected Products

Solarwinds Serv-U