Vulnerability Details CVE-2018-15906
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Feb/4
- http://www.securityfocus.com/bid/106844
- http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Feb/4
- http://www.securityfocus.com/bid/106844
Products affected by CVE-2018-15906
-
cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.6