SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)
Description
What is the Vulnerability? | A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive files on the host machine. CISA has added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024 and a publicly available proof-of-concept (PoC) exploit code is available. |
What is the recommended Mitigation? | Apply the most recent upgrade or patch from the vendor. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995 |
What FortiGuard Coverage is available? |
|
Appendix
SolarWinds Trust Center Security Advisories | CVE-2024-28995
Intrusion Prevention | FortiGuard Labs
FortiClient Vulnerability | FortiGuard Labs