Vulnerability Details : CVE-2018-15906
Potential exploit
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
Vulnerability category: Execute code
Products affected by CVE-2018-15906
- cpe:2.3:a:solarwinds:serv-u_ftp_server:15.1.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15906
4.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15906
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
|
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
References for CVE-2018-15906
-
http://seclists.org/fulldisclosure/2019/Feb/4
Full Disclosure: Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP ServerExploit;Mailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/106844
SolarWinds Serv-U FTP Server CVE-2018-15906 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation ≈ Packet StormExploit;VDB Entry;Third Party Advisory
Jump to