CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild
Cyber Exposure Alerts www.tenable.com
Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised.
Background
On June 5, SolarWinds published an advisory for a vulnerability in its Serv-U file transfer protocol (FTP) and managed file transfer (MFT) solutions:
CVE | Description | CVSSv3
CVE-2024-28995 | SolarWinds Serv-U Path/Directory Traversal Vulnerability | 8.6

Analysis
CVE-2024-28995 is a path or directory traversal vulnerability in SolarWinds Serv-U. An unauthenticated, remote attacker could exploit this vulnerability …