CVE-2018-19999

Published: Jun 7, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.themissinglink.com.au/security-advisories-cve-2018-19999

x_refsource_MISC

https://seclists.org/fulldisclosure/2019/May/46

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-19999

Description

Affected Products

References