CVE-2018-19999
First published: Fri Jun 07 2019(Updated: )
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Solarwinds Serv-u Ftp Server | =15.1.6.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-19999.
What is the severity of CVE-2018-19999?
CVE-2018-19999 has a severity rating of 7.8 (high).
What is the affected software of CVE-2018-19999?
The affected software of CVE-2018-19999 is SolarWinds Serv-U FTP Server version 15.1.6.25.
What is the impact of CVE-2018-19999?
CVE-2018-19999 allows local users to bypass authentication and execute code in the context of the Windows SYSTEM account, leading to privilege escalation.
How can I fix the vulnerability CVE-2018-19999?
To fix the vulnerability CVE-2018-19999, upgrade SolarWinds Serv-U FTP Server to a version that has the necessary patches or fixes provided by the vendor.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/solarwinds
- canonical/solarwinds serv-u ftp server
- version/solarwinds serv-u ftp server/15.1.6.25