CVE-2021-35252: Common Key Vulnerability in Serv-U FTP Server
First published: Fri Dec 16 2022(Updated: )
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
Credit: psirt@solarwinds.com psirt@solarwinds.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Serv-U | <15.3.2 |
Remedy
SolarWinds advises to upgrade to the latest version of Serv-U 15.3.2 once became generally available.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-35252?
CVE-2021-35252 is a vulnerability in Serv-U FTP Server, where a common encryption key is used across all deployed instances, allowing an attacker to recover encrypted values to plaintext.
What is the severity of CVE-2021-35252?
CVE-2021-35252 has a severity rating of 7.5 (high).
Which software is affected by CVE-2021-35252?
Serv-U FTP Server versions up to 15.3.2 are affected by CVE-2021-35252.
How can an attacker exploit CVE-2021-35252?
An attacker can exploit CVE-2021-35252 by intercepting an encrypted value and recovering it to plaintext using the common encryption key.
Where can I find more information about CVE-2021-35252?
You can find more information about CVE-2021-35252 on the CVE Mitre website, SolarWinds documentation, and SolarWinds security advisories.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/title
- agent/tags
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/solarwinds
- canonical/solarwinds serv-u